I have an asp.net 4.5 web forms web app deployed on a remote IIS7+ server and I want to get the domainusername of the user to populate a database column.
My web.config has the following:
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" /> <!-- I have tried with and without impersonate-->
<authorization>
<deny users="?"/>
</authorization>
...other stuff
</system.web>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
<modules>
<remove name="FormsAuthentication" />
</modules>
Here are some of the things I have tried:
String username = Membership.GetUser().UserName;
= HttpContext.Current.User.Identity.Name;
= Page.User.Identity;
= User.Identity.Name;
= Environment.Name; // Or something similar to this I don't remember exactly.
Other things to note:
Windows authentication is enabled on the server for my web app.
I keep getting the server name instead of the username.
Also, there is no logon for my web app. Users are restricted access to the server but if they can access the server then they automatically have access to my web app.
[UPDATE]
Interesting breakthrough, if I do an inline
<% Response.Write(HttpContext.Current.User.Identity.Name.ToString()); %>
then myDomainusername is written to my page. However, if I do the same code server side it returns the Server Name. Why would it return something different?
I have tried the below code but it still returns the Server name, I’m guessing its because the inline runs client-side and the controls run server side.
<asp:Label ID="LabelID" Text=" <% HttpContext.Current.User.Identity.Name.ToString(); %>" />
then in codeBehind
String curUser = LabelID.Text;
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
See:
http://forums.asp.net/t/1121780.aspx?Getting+a+users+DOMAIN+username+from+a+web+application
To get the current userid name of an asp.net aspx page use
System.Security.Principal.WindowsIdentity.GetCurrent().Name
To get the actual person who’s logged in use any of these:
HttpContext.Current.User.Identity.Name
Page.User (wraps HttpContext.Current.User.Identity.Name)
Request.ServerVariables("logon_user")
You’ll probably also need:
impersonate=true
in your web.config file
This post may also help you:
Built-in helper to parse User.Identity.Name into DomainUsername
[EDIT] This post shows what’s happening under the covers in IIS 7:
How to get at the current users windows identity
This post will hopefully also give you an idea of what the results of your trial and error mean:
How to get Windows user name when identity impersonate=”true” in asp.net?
You may also need the following in your web.config
<authorization>
<deny users = "?" /><!-- This denies access to the Anonymous user -->
<allow users ="*" /><!-- This allows access to all users -->
</authorization>
[EDIT2]
The behavior you are observing implies you are executing
HttpContext.Current.User.Identity.Name
On what you are calling “the server side” too early in IIS’s processing pipeline application lifecycle i.e. before authentication has taken place. The
Response.Write(
is one of the last aspects of application life cycle. Take a look at Microsoft’s IIS7 life cycle documentation: http://msdn.microsoft.com/en-us/library/bb470252.aspx
- Validate the request.
- Perform URL mapping.
- Raise the BeginRequest event.
- Raise the AuthenticateRequest event.
- Raise the PostAuthenticateRequest event.
- Raise the AuthorizeRequest event.
- Raise the PostAuthorizeRequest event.
…
Its only after this that it will really be safe to do the processing you need to
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0