Inside my ASP.NET app, I would like to obtain the authenticated windows user then have my backend code do the following:
1. Determine the group membership of the user ala Active Directory. Currently, I'm using DirectoryServices but I wonder if I can just use isRole(...) and pass in a list of group names from AD.
2. Access UNC shares using a predefine/set user account.
My questions are:
1. How do I have my ASP.NET page use windows authentication while having my IIS6.0 process execute code (e.g. accessing UNC share) using a set user account with limited permissions? I currenly have the webconfig set for windows auth. I'm not sure what I
need to do within the IIS web site properties dialog to make sure it runs as a specify user.
2. I'm trying to get the authenticated user info. Why is WindowsIdentity.GetCurrent() returning a different value from User.Identity.Name? (see 2.d below) I'm not sure if one call is within the context of the thread and the other in the context of the
process.
2.b //Prints "NT AUTHORITY\NETWORK SERVICE, 1064"
WindowsPrincipal wp = new WindowsPrincipal(current);
Response.Write("WindowsPrincipal Info via WindowsIdentity: "+wp.Identity.Name.ToString()+"<br>\n");
2.c //Prints My domain\username as expected
AppDomain myDomain = Thread.GetDomain();
myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
Response.Write("WindowsPrincipal Info\nUser: "+myPrincipal.Identity.Name.ToString()+"\n");
2.d //Prints My domain\username as expected but using HttpContext
HttpContext myContext = HttpContext.Current; // I could just reference User.Identity.Name
Response.Write("\n\nHttpContext Info: "+myContext.User.Identity.Name+"\n");
Thank you.
Leon
Thank you,
Leon
"I'm not suffering from insanity. I'm enjoying every minute of it!"
1. How do I have my ASP.NET page use windows authentication while having my IIS6.0 process execute code (e.g. accessing UNC share) using a set user account with limited permissions? I currenly have the webconfig set for windows auth. I'm not sure what I
need to do within the IIS web site properties dialog to make sure it runs as a specify user.
Add this to your web.config file to impersonate a user account rather the default NETWORK SERVICE account
<identity impersonate="true" userName="" password="" />
Then you can use this line of code.
System.Security.Principal.WindowsIdentity.GetCurrent().Name)
LeonS
2. I'm trying to get the authenticated user info. Why is WindowsIdentity.GetCurrent() returning a different value from User.Identity.Name? (see 2.d below) I'm not sure if one call is within the context of the thread and the other in the context of the
process.
This table can help you understand the HttpContext.User.Identity better
Best Regards
XiaoYong Dai
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
LeonS
0 Points
1 Post
What Is Difference between using WindowsIdentity.GetCurrent() and HttpContext.User.Identity?
Apr 25, 2007 02:03 AM|LINK
Inside my ASP.NET app, I would like to obtain the authenticated windows user then have my backend code do the following:
1. Determine the group membership of the user ala Active Directory. Currently, I'm using DirectoryServices but I wonder if I can just use isRole(...) and pass in a list of group names from AD.
2. Access UNC shares using a predefine/set user account.
My questions are:
1. How do I have my ASP.NET page use windows authentication while having my IIS6.0 process execute code (e.g. accessing UNC share) using a set user account with limited permissions? I currenly have the webconfig set for windows auth. I'm not sure what I need to do within the IIS web site properties dialog to make sure it runs as a specify user.
2. I'm trying to get the authenticated user info. Why is WindowsIdentity.GetCurrent() returning a different value from User.Identity.Name? (see 2.d below) I'm not sure if one call is within the context of the thread and the other in the context of the process.
2.a //Prints "NT AUTHORITY\NETWORK SERVICE, 1064"
WindowsIdentity current = WindowsIdentity.GetCurrent();
Response.Write("WindowsIdentity Info: "+current.Name + ", "+current.Token+"<br />");
2.b //Prints "NT AUTHORITY\NETWORK SERVICE, 1064"
WindowsPrincipal wp = new WindowsPrincipal(current);
Response.Write("WindowsPrincipal Info via WindowsIdentity: "+wp.Identity.Name.ToString()+"<br>\n");
2.c //Prints My domain\username as expected
AppDomain myDomain = Thread.GetDomain();
myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
Response.Write("WindowsPrincipal Info\nUser: "+myPrincipal.Identity.Name.ToString()+"\n");
2.d //Prints My domain\username as expected but using HttpContext
HttpContext myContext = HttpContext.Current; // I could just reference User.Identity.Name
Response.Write("\n\nHttpContext Info: "+myContext.User.Identity.Name+"\n");
Thank you.
Leon
Leon
"I'm not suffering from insanity. I'm enjoying every minute of it!"
XiaoYong Dai...
All-Star
38310 Points
4229 Posts
Re: What Is Difference between using WindowsIdentity.GetCurrent() and HttpContext.User.Identity?
Apr 27, 2007 06:51 AM|LINK
Add this to your web.config file to impersonate a user account rather the default NETWORK SERVICE account
<identity impersonate="true" userName="" password="" />
Then you can use this line of code.
System.Security.Principal.WindowsIdentity.GetCurrent().Name)
This table can help you understand the HttpContext.User.Identity better
Table IIS anonymous authentication
<div class=tablediv><authentication mode="Windows" />
WindowsIdentity
Thread
MACHINE\IUSR_MACHINE
-
<authentication mode="Windows" />
WindowsIdentity
Thread
MACHINE\ASPNET
-
<authentication mode="Forms" />
WindowsIdentity
Thread
MACHINE\IUSR_MACHINE
Name provided by user
<authentication mode="Forms" />
WindowsIdentity
Thread
MACHINE\ASPNET
Name provided by user
For more information please see this link, Hope it helps
http://msdn2.microsoft.com/en-us/library/aa302377.aspx
XiaoYong Dai
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.