What can cause incorrect user names when using IIS & Windows Authentication?

I’m currently experiencing an issue with some users of an ASP.NET 4.8 Web API application hosted on Windows Server 2012 and IIS. The following properties are not returning that user’s correct user name, and instead returning the name of a service account used for this server:

  • HttpContext.Current.User.Identity.Name
  • HttpContext.Current.Request.LogonUserIdentity.Name

I have no idea how to begin troubleshooting this – myself and most other users do not experience this issue, but for a handful of users the above does not return the correct username, returning the username of a service account used to remotely connect to the server in question. Forcing a login via a browser private window does rectify the issue, and the application correctly returns the expected username for each of the above properties.

What could be a cause for Windows Authentication not returning the correct user name and what is the best way to troubleshoot an issue like this?

edit: I was able to resolve the issue, see my answer below

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

After some additional research and troubleshooting, I determined that the users experiencing the issue described above had the service account in question stored in the Windows Credential Manager:

What can cause incorrect user names when using IIS & Windows Authentication?

Removing the service account in question allowed them to be authenticated with the Intranet site with their normal Windows domainusername. As @pcalkins suggested, at some point the affected users had used these credentials on their machine, and Chrome, Edge, IE were using that saved credential when authenticating with the Intranet site.

Method 2

Please check the following steps:

  1. Make sure that windows authentication is enable and Anonymous Authentication is disable for the website.
  2. Enable integrated security in Interner Explorer (Options/Advanced and checkin the “Enable Integrated Windows Authentication” option).
  3. Add your website to Local Intranet zone and select at least “Automatic logon only in Intranet Zone” option under Options/Security Settings/Local intranet/Custom level).
  4. Aake sure the user and application server are in the same domain.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x