How to get current user who's accessing an ASP.NET application?

Question

To get the current logged in user at the system I use this code:

string opl = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();

I work on an ASP.NET application where I need this information. So I've put my application on a server and tried the code above, and I get "Network Service" in the string opl. I need to know the current user of the PC who accesses my ASP.NET application.

see https://stackoverflow.com/questions/27563703/get-windows-logged-in-username-asp-net. — Lucas Dal Piaz, Jul 15 '21 at 14:58

score 58 · Answer 1 · edited Feb 03 '16 at 00:43

58

The quick answer is User = System.Web.HttpContext.Current.User

Ensure your web.config has the following authentication element.

<configuration>
    <system.web>
        <authentication mode="Windows" />
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</configuration>

Further Reading: Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application

edited Feb 03 '16 at 00:43

Trisped

5,705
2
45
58

answered Mar 24 '11 at 09:39

BenCr

5,991
5
44
68

10

This if you're looking for the user login. Specifically the string is `System.Web.HttpContext.Current.User.Identity.Name` – Nashwan Mar 24 '11 at 09:48
Now it returns nothing the string is empty :s – Tassisto Mar 24 '11 at 09:53
1

Read the article, you need to configure windows authentication. – BenCr Mar 24 '11 at 10:03
I've read the article, windows authentication is set by default – Tassisto Mar 24 '11 at 10:11
Do you have IIS configured correctly? Are you in an intranet scenario where the credentials can be "flowed" to the server. Windows authentication doesn't work over the wider Internet – BenCr Mar 24 '11 at 10:23
Take a look at this related question, you could try some of the suggestions from there. http://stackoverflow.com/questions/1215000/httpcontext-current-user-not-populated-with-windows-authentication-enabled – BenCr Mar 24 '11 at 10:48
If anonymous authentication is also enabled then it is used instead of Windows authentication. – Karlth Feb 23 '16 at 14:27

score 24 · Answer 2 · edited Jan 11 '17 at 18:36

Using System.Web.HttpContext.Current.User.Identity.Name should work. Please check the IIS Site settings on the server that is hosting your site by doing the following:

Go to IIS → Sites → Your Site → Authentication
Now check that Anonymous Access is Disabled & Windows Authentication is Enabled.
Now System.Web.HttpContext.Current.User.Identity.Name should return something like this:

domain\username

score 19 · Accepted Answer · edited Jul 29 '20 at 16:47

19

If you're using membership you can do: Membership.GetUser()

Your code is returning the Windows account which is assigned with ASP.NET.

Additional Info Edit: You will want to include System.Web.Security

using System.Web.Security

edited Jul 29 '20 at 16:47

Jason Geiger

1,912
18
32

answered Mar 24 '11 at 09:36

Robert

3,276
1
17
26

1

in which namespace can I find this? – Tassisto Mar 24 '11 at 09:53
2

System.Web.Security namespace – Robert Mar 24 '11 at 09:56
I'm getting: "Object reference not set to an instance of an object."-error – Tassisto Mar 24 '11 at 10:00
do you use membership feature of ASP .NET? which mode of authentication do you use? – Robert Mar 24 '11 at 10:02
1

Windows Authentication, how can I decide which feature to use? – Tassisto Mar 24 '11 at 10:03
you use windows auth. when you want to treat users of your page as windows users (active directory) stored on your server. If you want to maintain users in database separate from windows users you should use forms auth. – Robert Mar 24 '11 at 10:19
@Robert What if I'm using Asp .Net core 2.1 and I want to get the user logged on in Ubuntu? Is there any way to achieve this? – Sruthi Varghese Jan 07 '19 at 06:03

score 11 · Answer 4 · edited Oct 21 '15 at 14:21

The best practice is to check the Identity.IsAuthenticated Property first and then get the usr.UserName like this:

string userName = string.Empty;

if (System.Web.HttpContext.Current != null && 
    System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
{
    System.Web.Security.MembershipUser usr = Membership.GetUser();
    if (usr != null)
    {  
        userName = usr.UserName;
    }
}

score 7 · Answer 5 · edited Jan 11 '17 at 18:39

7

You can simply use a property of the page. And the interesting thing is that you can access that property anywhere in your code.

Use this:

HttpContext.Current.User.Identity.Name

edited Jan 11 '17 at 18:39

Peter Mortensen

30,738
21
105
131

answered Sep 20 '16 at 07:11

Osanda Deshan Nimalarathna

83
1
6

score 3 · Answer 6 · edited Jan 11 '17 at 18:38

Don't look too far.

If you develop with ASP.NET MVC, you simply have the user as a property of the Controller class. So in case you get lost in some models looking for the current user, try to step back and to get the relevant information in the controller.

In the controller, just use:

using Microsoft.AspNet.Identity;

  ...

  var userId = User.Identity.GetUserId();
  ...

with userId as a string.

score 1 · Answer 7 · answered Oct 18 '18 at 14:29

The general consensus answer above seems to have have a compatibility issue with CORS support. In order to use the HttpContext.Current.User.Identity.Name attribute you must disable anonymous authentication in order to force Windows authentication to provide the authenticated user information. Unfortunately, I believe you must have anonymous authentication enabled in order to process the pre-flight OPTIONS request in a CORS scenario.

You can get around this by leaving anonymous authentication enabled and using the HttpContext.Current.Request.LogonUserIdentity attribute instead. This will return the authenticated user information (assuming you are in an intranet scenario) even with anonymous authentication enabled. The attribute returns a WindowsUser data structure and both are defined in the System.Web namespace

        using System.Web;
        WindowsIdentity user;
        user  = HttpContext.Current.Request.LogonUserIdentity;

George · Answer 8 · 2019-05-22T10:42:34.460

I ran in the same issue.

This is what worked for me:

Setting up Properties of Windows Authentication in IIS

NTLM has to be the topmost. Further Web.config modifications, make sure you already have or add if these do not exist:

<system.web>

  <authentication mode="Windows" />
  <identity impersonate="true"/>

</system.web>

 <!-- you need the following lines of code to bypass errors, concerning type of Application Pool (integrated pipeline or classic) -->

<system.webServer>
   <validation validateIntegratedModeConfiguration="false"/>
</system.webServer>

See below a legit explanation for the two nodes and

Difference between <system.web> and <system.webServer>?

And, of course , you get the username by

//I am using the following to get the index of the separator "\\" and remove the Domain name from the string
int indexOfSlashChar = HttpContext.Current.User.Identity.Name.IndexOf("\\"); 

loggedInWindowsUserName = HttpContext.Current.User.Identity.Name.Substring(indexOfSlashChar + 1);

How to get current user who's accessing an ASP.NET application?

8 Answers8

Linked

Related