
Each user of my asp.net forms app logs into a PC with their Active Directory credentials. How could the ASP.NET forms app get the user name and the email address currently logged into the PC?

Hidalgo

2 Answers


There is no guaranteed way to find out which user they are logged into their computer with. However, you can:

  1. Enable Windows Authentication so they need to authenticate with your website with an AD account
  2. Add your website to the Trusted Sites in the Internet Options on their computer (this can be done in group policy) so that IE and Chrome will automatically send the credentials of the currently-logged-on user account. (Firefox uses its own network.negotiate-auth.delegation-uris setting)

If you skip step 2, then the user will be prompted for credentials. If the credentials sent in step 2 fail for whatever reason (for example, they are logged in with a local account instead of a domain account), the user will be prompted for credentials. Then they can type in whatever AD account they want, which may not be the same as what they are logged into their computer with. That's why I say that there is no 100% guaranteed way to know what account they are logged into their computer with.

If only some of your users have AD accounts, and some don't, then you can use split Forms and Windows authentication. I've done this before and described how I did it in a past answer.

Gabriel Luci
  • @Gabriel Luci I have to skip step 2 since I cannot ask all customers to make changes to their browser. I tried step 1 but so far, no success. The code that I am looking at (and have not yet had luck with) is as follows: `UserPrincipal user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, "domain/username");` So far the user returns NULL because I can't figure out the user name. Also, there should be no authentication of the application, no authentication form. The customer assures me that everybody authenticated in AD when logging into the PC. – Hidalgo Sep 09 '19 at 19:40
  • If you want "no authentication of the application, no authentication form", then you have no choice but to implement step 2. You cannot do it without. You need the client to send the credentials automatically, and that will not happen unless your site is trusted. If your site is an Intranet site, then it *might* already be trusted. If your Windows Authentication is already working, then see what `Request.LogonUserIdentity` tells you. – Gabriel Luci Sep 09 '19 at 20:57
  • This site is an Intranet site and the site is Trusted (in IE), I checked. The Request.LogonUserIdentityName returns `NT AUTHORITY\IUSR`. I don't know if this means anything since I am logged in to the site via RDP. Thank you. – Hidalgo Sep 10 '19 at 21:24
  • That sounds like your Windows Authentication might not be working. What do you see in `HttpContext.Current.User.Identity.Name`? – Gabriel Luci Sep 10 '19 at 22:59
  • Empty - nothing. – Hidalgo Sep 11 '19 at 00:21
  • Maybe I should add to my web.config ? – Hidalgo Sep 11 '19 at 00:22
  • If that's empty then Windows Authentication isn't happening. Impersonation won't change anything if Windows Authentication isn't working. You need `` to turn it on. You might also have to make sure that anonymous authentication is disabled. (otherwise, anonymous will take precedence) – Gabriel Luci Sep 11 '19 at 00:55
  • Thank you for your suggestions. I did try to disable the anonymous authentication for the site. Then I was not able to bring up a page at all. I will try again and see how it works. – Hidalgo Sep 11 '19 at 12:05

Get the user name with `HttpContext.Current.Request.LogonUserIdentity`, then query AD to get the email. Check "How to get a user's e-mail address from Active Directory?"

Selim Yildiz
  • Since Hidalgo said that it's a "forms app", `Request.LogonUserIdentity` will just give you the username used in the login form, which may not match their AD username. – Gabriel Luci Sep 09 '19 at 13:52
  • @Gabriel Luci Let me clarify. There is no log in form. The page is using Windows Authentication. – Hidalgo Sep 09 '19 at 19:51
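
An added example, not code from either answer: a helper that combines the checks discussed in the comments above (empty `Identity.Name`, anonymous requests, Forms versus Windows identities) with the AD e-mail lookup. The class and method names are hypothetical, the lookup by SID instead of `SamAccountName` is a choice made here, and it assumes the web server is domain-joined and the application pool account can read the directory.

```csharp
using System.DirectoryServices.AccountManagement; // needs a reference to this assembly
using System.Security.Principal;
using System.Web;

public static class CurrentAdUser   // hypothetical helper name
{
    // Returns the caller's AD e-mail address, or null with a reason explaining why not.
    public static string TryGetEmail(HttpContext context, out string reason)
    {
        IIdentity identity = context.User == null ? null : context.User.Identity;

        // Empty Identity.Name, as reported in the comments: the request was served
        // anonymously, so Windows Authentication never ran for it.
        if (identity == null || !identity.IsAuthenticated)
        {
            reason = "Request is anonymous: enable Windows Authentication and disable Anonymous Authentication for the site.";
            return null;
        }

        // A Forms login also yields an authenticated identity, but its name is whatever
        // was typed into the form, which may not be an AD account.
        var windowsIdentity = identity as WindowsIdentity;
        if (windowsIdentity == null || windowsIdentity.User == null)
        {
            reason = "Identity '" + identity.Name + "' did not come from Windows Authentication.";
            return null;
        }

        // Look the account up by SID rather than parsing DOMAIN\user out of the name.
        // Assumption: server is domain-joined and the app pool account may read AD.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, windowsIdentity.User.Value))
        {
            if (user == null)
            {
                reason = "No domain account found for " + identity.Name + " (local account?).";
                return null;
            }
            reason = string.IsNullOrEmpty(user.EmailAddress) ? "Account has no mail attribute." : null;
            return user.EmailAddress;
        }
    }
}
```

The identity returned is the one the browser authenticated with, which, as the first answer notes, is not guaranteed to be the account the user is logged into the PC with.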