The requirement is to extract the logged in user from the current request. The website is withing intranet but in IIS anonymous access is allowed. server variables like "Auth_user" are returning blank in this case.
Is this possible to extract logged in user to the web site from AD with Anonymous access enabled in IIS, no other authentication method is enabled in IIS, i.e. (Integrated windows authentication, basic authentication all disabled).
There is no log in screen and we need to identify the user through the current request.
None of the methods to retrieve the current logged on user will work with anonymous authentication enabled. If this is an intranet application and all computers that will access it are part of the domain, there is no reason not to disable anonymous access
and enable windows authentication. Then you will be able to access the current logged on user.
Initially the site was having "Integrated windows Authentication", and the server variables like "Auth_user" were initialized correctly. But the site was having issues with Safari and we had to disable "Integrated windows Authentication". It sorted out the
issue with Safari, but started showing up a popup for credentials to users. since Safari issue was a must to solve we did go with disabling "Integrated windows Authentication".
We'r now trying to supress the pop up, one such way is to allow anonymous access. since the site is only within intranet none of the users outside are going to access it. Further everytime the user accesses the site, his credentials are rechecked with available
list of users in database. There is no log in screen in the site, the users are automatically authenticated through "Integrated windows Authentication" and we just check the initialized server variables against database.
Now, with anonymous access the variables are not initialized, and we r trying to find a way out to know the user who is accessing the site. AD is just one such attempt, if it's possible then it will be implemented or we will go finding some other solution.
In IIS you set the Authentication to windows and in your web.config you can set it to Forms and use a login page to get rid of that popup. This is how I have my local intranet apps setup. You can leave that as a log in page to allow them to provide alternate
login credentials to gain access to the page or just leave it an access denied page if you want access granted only from their credentials of being logged onto the computer.
But the business users are not in favour of using one login screen. The website is linked to the Intranet and they expect to access the website automaticalling by following the link on Intranet rather than going through the pop up. Also, they are not willing
to make any changes to Intranet.
swarup
Member
17 Points
21 Posts
Logged in UserName from AD
Dec 29, 2011 09:48 AM|LINK
Hi,
The requirement is to extract the logged in user from the current request. The website is withing intranet but in IIS anonymous access is allowed. server variables like "Auth_user" are returning blank in this case.
Is this possible to extract logged in user to the web site from AD with Anonymous access enabled in IIS, no other authentication method is enabled in IIS, i.e. (Integrated windows authentication, basic authentication all disabled).
There is no log in screen and we need to identify the user through the current request.
Any sort of help is appreciated.
Srikanth Kas...
Contributor
4289 Points
883 Posts
Re: Logged in UserName from AD
Dec 29, 2011 10:06 AM|LINK
Try this,
System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
OR
HttpContext.Current.User.Identity.Name.ToString();
Srikanth Kasturi
Please "Mark As Answer" if my post serves purpose.
swarup
Member
17 Points
21 Posts
Re: Logged in UserName from AD
Dec 29, 2011 11:21 AM|LINK
Thanks,
but System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString() returns the user name specified in the Anonymous access section in IIS.
HttpContext.Current.User.Identity.Name.ToString() returns blank
Anonymous access is enabled in IIS.
Is there any other way to retrive the User ID other than AD
Srikanth Kas...
Contributor
4289 Points
883 Posts
Re: Logged in UserName from AD
Dec 29, 2011 11:48 AM|LINK
Pardon my knowledge in your requirement here.. But i would like to know, why are you providing anonymous access for your application ?
In case of anonymous access, HttpContext.Current.User.Identity.Name.ToString() returns blank.
Check with authentication..
HttpContext.Current.User.Identity.IsAuthenticated
Srikanth Kasturi
Please "Mark As Answer" if my post serves purpose.
gww
Contributor
2143 Points
458 Posts
Re: Logged in UserName from AD
Dec 29, 2011 12:04 PM|LINK
None of the methods to retrieve the current logged on user will work with anonymous authentication enabled. If this is an intranet application and all computers that will access it are part of the domain, there is no reason not to disable anonymous access and enable windows authentication. Then you will be able to access the current logged on user.
swarup
Member
17 Points
21 Posts
Re: Logged in UserName from AD
Dec 30, 2011 06:11 AM|LINK
Hi,
Thanx for sharing your views.
Initially the site was having "Integrated windows Authentication", and the server variables like "Auth_user" were initialized correctly. But the site was having issues with Safari and we had to disable "Integrated windows Authentication". It sorted out the issue with Safari, but started showing up a popup for credentials to users. since Safari issue was a must to solve we did go with disabling "Integrated windows Authentication".
We'r now trying to supress the pop up, one such way is to allow anonymous access. since the site is only within intranet none of the users outside are going to access it. Further everytime the user accesses the site, his credentials are rechecked with available list of users in database. There is no log in screen in the site, the users are automatically authenticated through "Integrated windows Authentication" and we just check the initialized server variables against database.
Now, with anonymous access the variables are not initialized, and we r trying to find a way out to know the user who is accessing the site. AD is just one such attempt, if it's possible then it will be implemented or we will go finding some other solution.
Thanx
Srikanth Kas...
Contributor
4289 Points
883 Posts
Re: Logged in UserName from AD
Dec 30, 2011 06:15 AM|LINK
Hey swarup,
If that windows credential challenge popup is your concern, why dont you design a login page ? Let me know if you need help on that.
Srikanth Kasturi
Please "Mark As Answer" if my post serves purpose.
gww
Contributor
2143 Points
458 Posts
Re: Logged in UserName from AD
Dec 30, 2011 11:45 AM|LINK
In IIS you set the Authentication to windows and in your web.config you can set it to Forms and use a login page to get rid of that popup. This is how I have my local intranet apps setup. You can leave that as a log in page to allow them to provide alternate login credentials to gain access to the page or just leave it an access denied page if you want access granted only from their credentials of being logged onto the computer.
swarup
Member
17 Points
21 Posts
Re: Logged in UserName from AD
Jan 03, 2012 09:38 AM|LINK
Thanks,
But the business users are not in favour of using one login screen. The website is linked to the Intranet and they expect to access the website automaticalling by following the link on Intranet rather than going through the pop up. Also, they are not willing to make any changes to Intranet.
Left with no hope perhaps !!!!!!!!
Srikanth Kas...
Contributor
4289 Points
883 Posts
Re: Logged in UserName from AD
Jan 03, 2012 01:00 PM|LINK
There is one setting on IE browser, which will help you automatically login the intranet zone without any prompt for user credentials.
Internet Options --> Security -- > Custom level button -- > User Authentication (Scroll down) -- > Automatic login with username and password (3rd option)
Srikanth Kasturi
Please "Mark As Answer" if my post serves purpose.