0

I have written a Blazor Server App and deployed it to IIS.

Inside the app I would like to access the database as the Windows Active Directory user using the site, not the IIS user.

This code works, but it always returns the IIS user:

System.Security.Principal.WindowsIdentity identity = 
    System.Security.Principal.WindowsIdentity.GetCurrent();

I have found and tried all the variants shown below, from my internet search, but none return the User ID from AD accessing the website. I am not an IIS admin - maybe the magic is in there? Appreciate any help.

// .name is always null
var httpUser = HttpContextAccessor.HttpContext.User.Identity;
// principal user is null
var principalUser = Thread.CurrentPrincipal; //.Identity.Name;
// Is this supposed to impersonate the AD User?
web.config
<system.web>
    <identity impersonate="true"/>
</system.web>

// This may only affect debugging??

  • Project Properties
    • Debug/Launch Profiles
      • Disabled Anonymous Auth
      • Enabled Windows Auth

// Browsed through authState and see nothing resembling the AD User Id

var authState = await AuthenticationStateProvider
            .GetAuthenticationStateAsync();
marc_s
  • Unless your web site is actually using Active Directory authentication, this information is not available. Indeed, there's no guarantee the client is using a Windows system at all. – Tim Roberts Aug 30 '23 at 02:50
  • This is an on-prem site where everyone who accesses the site must log in to AD first. So everyone uses Windows AD but is that the same as the 'web site' using Active Directory? The IIS user which all users accessing the site appear as also has an AD ID. – CsharpSqlGuy Aug 30 '23 at 03:33
  • See if this helps: https://stackoverflow.com/questions/19676312/how-to-get-user-name-using-windows-authentication-in-asp-net . I haven't closed-as-dup because I'm not 100% sure this will help you. – Tim Roberts Aug 30 '23 at 03:45
  • Thanks for that link. But I have tried all of those suggestions, and since none of them were marked as the answer, I was not too optimistic. – CsharpSqlGuy Aug 30 '23 at 13:11

2 Answers

0

The answer for me was to create a Blazor project and pick 'Authentication Type: Windows' during the project creation. (I had formerly left it defaulted to None; since everyone already logged in to Windows, I thought it would be redundant.) That resulted in the default Blazor app showing me the user's AD name (and not the IIS User name) in the upper right-hand corner of index.

As a newcomer to asp.net I was probably asking for something that could never be accomplished with 'Authentication Type: None'. (As the first commenter suggested.)

0

Hope the following code helps.

private readonly AuthenticationStateProvider authStateProvider;

// Requires: using System.Linq; using System.Net.Mail;
public async Task<string> GetADUserNameAsync()
{
    var authState = await authStateProvider.GetAuthenticationStateAsync();
    var userName = string.Empty;

    // Check for null before dereferencing: the user first, then its Identity.
    var user = authState?.User;
    if (user?.Identity != null && user.Identity.IsAuthenticated)
    {
        // FirstOrDefault returns null when the claim is absent; First() would throw.
        var adUserNameClaim = user.Claims.FirstOrDefault(x => x.Type == "preferred_username");

        if (adUserNameClaim != null)
        {
            try
            {
                // Keep only the part of the claim value before the '@'.
                var mail = new MailAddress(adUserNameClaim.Value);
                userName = mail.User;
            }
            catch (FormatException)
            {
                // The claim value is not a valid address; return the empty name.
            }
        }
    }

    return userName;
}
ASPDev
  • Yes, that code is useful. After one selects Authentication Type: Windows you would still need some sort of code like this to get the USER Name/ID. I did it like this: var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync(); if (authState != null) { var user = authState.User; AuthUserName = user.Identity?.Name; } – CsharpSqlGuy Aug 31 '23 at 16:41
  • Yes, that will work. The AuthUserName variable will have the name with the email address (abc@gmail.com), but I truncated the email address from the name. – ASPDev Aug 31 '23 at 18:41
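
Both answers combined into one sketch, as an added example that is not code from either answer: the Negotiate registration a Windows-authenticated Blazor Server app relies on, plus a scoped service that reads the signed-in name through AuthenticationStateProvider. The names WindowsAuthSetup, AddWindowsAuth, CurrentUserService and StripDomain are hypothetical, and it assumes the Microsoft.AspNetCore.Authentication.Negotiate package is referenced and that Windows Authentication is enabled (Anonymous disabled) on the IIS site.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class WindowsAuthSetup   // hypothetical helper, not from the page
{
    // Call as builder.Services.AddWindowsAuth() in Program.cs, and keep
    // app.UseAuthentication(); app.UseAuthorization(); in the request pipeline.
    public static IServiceCollection AddWindowsAuth(this IServiceCollection services)
    {
        services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
        // Require an authenticated user on every endpoint that has no explicit policy.
        services.AddAuthorization(o => o.FallbackPolicy = o.DefaultPolicy);
        services.AddScoped<CurrentUserService>();
        return services;
    }
}

public sealed class CurrentUserService   // hypothetical service, not from the page
{
    private readonly AuthenticationStateProvider _auth;

    public CurrentUserService(AuthenticationStateProvider auth) => _auth = auth;

    // Returns the caller's account name, or null when nobody is authenticated.
    public async Task<string?> GetAccountNameAsync()
    {
        var state = await _auth.GetAuthenticationStateAsync();
        var identity = state.User.Identity;
        if (identity is not { IsAuthenticated: true } || string.IsNullOrEmpty(identity.Name))
            return null;
        return StripDomain(identity.Name);
    }

    // Handles both name shapes (constructed samples):
    //   "CONTOSO\jdoe" -> "jdoe"    "jdoe@contoso.example" -> "jdoe"
    public static string StripDomain(string name)
    {
        int slash = name.LastIndexOf('\\');
        if (slash >= 0) return name[(slash + 1)..];
        int at = name.IndexOf('@');
        return at > 0 ? name[..at] : name;
    }
}
```

WindowsIdentity.GetCurrent() keeps returning the application pool account even with this in place, because ASP.NET Core does not impersonate the caller; the authenticated user is only exposed through the claims principal.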