Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jun 27, 2012 10:41 PM by NickMetnik
Jun 21, 2012 09:49 PM|LINK
My forehead is bloody and I've reached the end of the internet so I thought I'd ask here....
I have a ASP.NET 4.0 application hosted by IIS7.5 with an app pool running in integrated mode.
Within my web.config I have the following:
<identity impersonate="true" />
<authentication mode="Windows" />
In IIS I have:
Authorization > WindowsAuthentication - Enabled
Authorization > Impersonation - Enabled
Everything is in Authorization is Disabled.
No matter what, WindowsIdentity.GetCurrent() always returns "iis apppool\[site name...]" and I can't figure out why I'm not getting the authenticated user's name?! The user get's prompted with the login and successfully gets authenticated FYI. It keeps acting
like impersonation is "false".
For what it's worth I have a similar site on the same server that is a ASP.NET 2.0 Classic and it always returns the correct user name.
It's configuration's both in the web.config and IIS are very close.
Please help I'm stumped.
Jun 22, 2012 01:03 AM|LINK
Nothing jumps out, but what I'd check (for sanity) is User.Identity.Name to see if you're really authenticating. If this is what you expect, then I'd just start a new project from scratch and build it up until I get it working and then check the deltas with
the non-working project.
G'dluck and report back when you solve it :)
Jun 22, 2012 05:59 AM|LINK
Check this url:
Jun 22, 2012 03:17 PM|LINK
Thank you BrockAllen and enihar. Both are great ideas to try. I'll give them a try today or tomorrow and report back.
Jun 26, 2012 06:04 PM|LINK
OK, back on site today and I've made an interesting discovery. I took BrockAllen's advice and did a needed sanity check.
What I've discovered is that my "sanity site" behaved the same. The only way I could get the identity to impersonate the actual Windows authenticated user is to change the app pool to ASP.Net 2.0 CLASSIC. Anything else would return the app pool identity.
Problem is I'm using Linq heavily so I need ASP.NET 4.0.
In IIS 7.5 I went to the server node > opened ISAPI and CGI Restrictions > all ASP.NET 4.x entries were listed as deny so I changed them to "Allowed".
Next I went back to Application Pools node and changed my app pool to ASP.NET 4.0 CLASSIC and bam, it works now. The expected user name appears.
Next I did a happy dance and got some coffee.
Thanks for everyone's help, I hope this thread sames someone else some time.
Jun 26, 2012 06:09 PM|LINK
Oh, haha... so all it was is that ASP.NET 4 was disabled? Oh man, I hate it when it's something like that. Well, glad you got it sorted out.
Jun 26, 2012 08:40 PM|LINK
Yeah :), the windows authentication articles forgot to mention that. I didn't expect Microsoft to disallow their own stuff by default, especially .Net but I've been bitten by the lock down before so I don't blame them.
Oh well passed it now and I will someday hit this again I'm sure! Thanks again for everyone's help.
Jun 26, 2012 10:22 PM|LINK
Thanks for mentioning that Nick, mine were blocked also. Still working on trying to get mine working.
Jun 26, 2012 10:25 PM|LINK
Glad I could help. Make sure the app pool is running as "Classic". Are you getting the "iis apppool\[site name...]" returned from WindowsIdentity.GetCurrent().Name?
Jun 27, 2012 04:05 PM|LINK
I do have it set for Classic,. Yes, when I run WindowsIdentity.GetCurrent().Name I am still getting app pool id that is set in the "Connect As" in the app pool.