Marked as answer by nickmetnik on Jun 26, 2012 06:04 PM
NickMetnik
Member
12 Points
8 Posts
Windows Authentication with Impersonation
Jun 21, 2012 09:49 PM|LINK
Hello All,
My forehead is bloody and I've reached the end of the internet so I thought I'd ask here....
I have an ASP.NET 4.0 application hosted by IIS 7.5 with an app pool running in integrated mode.
Within my web.config I have the following:
<identity impersonate="true" />
<authentication mode="Windows" />
In IIS I have:
Authorization > WindowsAuthentication - Enabled
Authorization > Impersonation - Enabled
Everything else in Authorization is Disabled.
No matter what, WindowsIdentity.GetCurrent() always returns "iis apppool\[site name...]" and I can't figure out why I'm not getting the authenticated user's name?! The user gets prompted with the login and successfully gets authenticated FYI. It keeps acting like impersonation is "false".
For what it's worth I have a similar site on the same server that is an ASP.NET 2.0 Classic and it always returns the correct user name.
Its configurations, both in the web.config and IIS, are very close.
Please help, I'm stumped.
Thank you,
Nick
BrockAllen
All-Star
27524 Points
4902 Posts
MVP
Re: Windows Authentication with Impersonation
Jun 22, 2012 01:03 AM|LINK
Nothing jumps out, but what I'd check (for sanity) is User.Identity.Name to see if you're really authenticating. If this is what you expect, then I'd just start a new project from scratch and build it up until I get it working and then check the deltas with the non-working project.
G'dluck and report back when you solve it :)
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
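The sanity check suggested in the reply above, as an added example that is not part of the original thread: an ASP.NET handler that reports the authenticated identity (User.Identity.Name) next to the identity the code actually executes under (WindowsIdentity.GetCurrent()), so "not authenticated" can be told apart from "authenticated but not impersonating". The class name IdentityProbe is hypothetical, and how the handler is registered is left to the site.

```csharp
// Added diagnostic example (not from the thread). IdentityProbe is a hypothetical name.
using System;
using System.Security.Principal;
using System.Text;
using System.Web;

public class IdentityProbe : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    // Compare who IIS authenticated with the token the code is executing under.
    public static string Classify(IIdentity authenticated, WindowsIdentity executing)
    {
        if (authenticated == null || !authenticated.IsAuthenticated)
            return "NOT AUTHENTICATED: request is anonymous";
        if (string.Equals(authenticated.Name, executing.Name,
                          StringComparison.OrdinalIgnoreCase))
            return "IMPERSONATING: code runs as the authenticated user";
        return "AUTHENTICATED, NOT IMPERSONATING: code runs as " + executing.Name;
    }

    public void ProcessRequest(HttpContext context)
    {
        IIdentity authenticated = context.User != null ? context.User.Identity : null;
        using (WindowsIdentity executing = WindowsIdentity.GetCurrent())
        {
            var report = new StringBuilder();
            report.AppendLine("Pipeline mode              : " +
                (HttpRuntime.UsingIntegratedPipeline ? "Integrated" : "Classic"));
            report.AppendLine("User.Identity.Name         : " +
                (authenticated != null ? authenticated.Name : "(null)"));
            report.AppendLine("User.Identity.AuthType     : " +
                (authenticated != null ? authenticated.AuthenticationType : "(null)"));
            report.AppendLine("Request.LogonUserIdentity  : " +
                context.Request.LogonUserIdentity.Name);
            report.AppendLine("WindowsIdentity.GetCurrent : " + executing.Name);
            // A process (non-impersonated) token reports level "None".
            report.AppendLine("Token impersonation level  : " + executing.ImpersonationLevel);
            report.AppendLine("Result                     : " +
                Classify(authenticated, executing));

            context.Response.ContentType = "text/plain";
            context.Response.Write(report.ToString());
        }
    }
}
```

Deploy it only while diagnosing and remove it afterwards, since the output discloses the app pool and service account names.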
enihar
Member
46 Points
18 Posts
Re: Windows Authentication with Impersonation
Jun 22, 2012 05:59 AM|LINK
Check this url:
http://stackoverflow.com/questions/3015434/why-does-windows-authentication-impersonation-fail-on-asp-net-application-with
NickMetnik
Member
12 Points
8 Posts
Re: Windows Authentication with Impersonation
Jun 22, 2012 03:17 PM|LINK
Thank you BrockAllen and enihar. Both are great ideas to try. I'll give them a try today or tomorrow and report back.
Thank you,
Nick
NickMetnik
Member
12 Points
8 Posts
Re: Windows Authentication with Impersonation
Jun 26, 2012 06:04 PM|LINK
OK, back on site today and I've made an interesting discovery. I took BrockAllen's advice and did a needed sanity check.
What I've discovered is that my "sanity site" behaved the same. The only way I could get the identity to impersonate the actual Windows authenticated user is to change the app pool to ASP.Net 2.0 CLASSIC. Anything else would return the app pool identity. Problem is I'm using Linq heavily so I need ASP.NET 4.0.
PROBLEM SOLVED:
In IIS 7.5 I went to the server node > opened ISAPI and CGI Restrictions > all ASP.NET 4.x entries were listed as deny so I changed them to "Allowed".
Next I went back to Application Pools node and changed my app pool to ASP.NET 4.0 CLASSIC and bam, it works now. The expected user name appears.
Next I did a happy dance and got some coffee.
Thanks for everyone's help, I hope this thread saves someone else some time.
Nick
BrockAllen
All-Star
27524 Points
4902 Posts
MVP
Re: Windows Authentication with Impersonation
Jun 26, 2012 06:09 PM|LINK
Oh, haha... so all it was is that ASP.NET 4 was disabled? Oh man, I hate it when it's something like that. Well, glad you got it sorted out.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
NickMetnik
Member
12 Points
8 Posts
Re: Windows Authentication with Impersonation
Jun 26, 2012 08:40 PM|LINK
Yeah :), the Windows authentication articles forgot to mention that. I didn't expect Microsoft to disallow their own stuff by default, especially .Net, but I've been bitten by the lock down before so I don't blame them.
Oh well, past it now, and I will someday hit this again, I'm sure! Thanks again for everyone's help.
SpokeDev
Member
7 Points
22 Posts
Re: Windows Authentication with Impersonation
Jun 26, 2012 10:22 PM|LINK
Thanks for mentioning that Nick, mine were blocked also. Still working on trying to get mine working.
NickMetnik
Member
12 Points
8 Posts
Re: Windows Authentication with Impersonation
Jun 26, 2012 10:25 PM|LINK
Glad I could help. Make sure the app pool is running as "Classic". Are you getting the "iis apppool\[site name...]" returned from WindowsIdentity.GetCurrent().Name?
SpokeDev
Member
7 Points
22 Posts
Re: Windows Authentication with Impersonation
Jun 27, 2012 04:05 PM|LINK
I do have it set for Classic. Yes, when I run WindowsIdentity.GetCurrent().Name I am still getting the app pool id that is set in the "Connect As" in the app pool.