
Framework: ASP.NET Core 2.2. I'm trying to get the Windows logged-in user. I get it when running on localhost, but when deploying the application to IIS, I'm getting the application pool name.

After investigating it, I figured out I need to set up a web.config for the deployment, along with the launchSettings for the development env.

This is the relevant controller code:

[Route("getUser")]
[HttpGet]
public IActionResult GetUser()
{
    var currentUser = System.Security.Principal.WindowsIdentity.GetCurrent();
    return Ok(currentUser.Name);
}

This is how iisSettings were initially defined in the launchSettings, and it worked perfectly on my localhost (iisexpress):

"iisSettings":{
    "windowsAuthentication": false,
    "anonymousAuthentication": true
    ...
}

When I tried to set it up to enable windowsAuthentication:

"iisSettings":{
    "windowsAuthentication": true,
    "anonymousAuthentication": false
    ...
}

I got a 401.2 Unauthorized HTTP error code.

**Second version, additional data:**

So I'm using the first edition of the launch settings ("windowsAuthentication": false, "anonymousAuthentication": true) for development env. - All worked well in the localhost.

I then added a web.config file, in order to set up IIS for hosting after deployment. This is what my web.config looks like, more or less (free-hand copying, not cut+paste):

<system.web>
    <authentication mode="Windows"></authentication>
    <identity impersonate="false" /> <!-- This is because I'm getting the username by code -->
</system.web>
<system.webServer>
    <aspnetCore processPath=....... forwardWindowsAuthToken="true" hostingModel="InProcess">
    </aspnetCore>
    <security>
        <authentication>
            <anonymousAuthentication enabled ="true" />
            <windowsAuthentication enabled ="true" />
        </authentication>
    </security>
</system.webServer>

At that stage I cannot even start up the localhost; I'm getting a config error:

"This configuration section cannot be used at this path. This happens when the section is locked at a parent level..."

The authentication section is causing the error, meaning that when I comment it out the error disappears. What should I do?

Guy E
  • Does this answer your question? [Asp.Net core MVC application Windows Authentication in IIS](https://stackoverflow.com/questions/39084052/asp-net-core-mvc-application-windows-authentication-in-iis) – Camilo Terevinto Aug 31 '21 at 10:20
  • Not totally - I understand that I needed to create and define a web.config file, but adding the section to the file as mentioned above causes a config error. I edited the question. See above – Guy E Aug 31 '21 at 12:54
  • System.Security.Principal.WindowsIdentity.GetCurrent() is going to give you the user that the code is running as, so that's the wrong thing to use. You need to use ASP.NET Core specific logic in order to get the Windows user accessing the site, and you need to turn off Anonymous auth. You can turn Anonymous auth off and Windows auth on via IIS, you don't have to do it via web.config. – mason Aug 31 '21 at 12:56

1 Answer

ControllerBase.User is the only right way to give you the user account of the requests.

System.Security.Principal.WindowsIdentity.GetCurrent() can only give you the application pool account.

Lex Li
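
The distinction drawn in the answer and in mason's comment, as an added example that is not code from the question or the answer: the endpoint returns the request's identity from `ControllerBase.User` next to the process identity from `WindowsIdentity.GetCurrent()`. The `WhoAmIController` name, the route prefix and the response field names are assumptions, and the project's `Program.cs` is assumed to be the unmodified ASP.NET Core 2.2 template.

```csharp
using System.Security.Principal;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Server.IISIntegration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Registers the IIS "Windows" scheme so [Authorize] can challenge the caller.
        services.AddAuthentication(IISDefaults.AuthenticationScheme);
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvc();
    }
}

[ApiController]
[Route("api/[controller]")] // route prefix is an assumption
public class WhoAmIController : ControllerBase
{
    // [Authorize] makes an anonymous request fail with a 401 challenge
    // instead of silently returning an empty user name.
    [Authorize]
    [HttpGet("getUser")]
    public IActionResult GetUser()
    {
        // The caller: built from the Windows token IIS forwards with the request.
        var caller = User.Identity;

        // The worker process: under IIS this is the application pool account.
        using (var process = WindowsIdentity.GetCurrent())
        {
            return Ok(new
            {
                requestUser = caller.Name,
                authenticated = caller.IsAuthenticated,
                authenticationType = caller.AuthenticationType,
                processIdentity = process.Name
            });
        }
    }
}
```

With Windows authentication enabled and anonymous authentication disabled for the site in IIS, `requestUser` is the account of the person browsing and `processIdentity` is the application pool account.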