Last post Jul 08, 2016 08:53 AM by PatriceSc
Jul 05, 2016 11:55 AM|Anjeleena|LINK
I have to implemet the Web api- Rest service with Windows authentication enabled. How I can implement this so that I can track the Primary and Windows Identities of the user. when Windows mode enabled. Not able to track the primary users identity
and also it seems the published service is working only when the Anonymous authentication is enabled.
Is OAuth is the only solution to this issue..?
Jul 05, 2016 11:34 PM|PatriceSc|LINK
Not sure to get what you call the "primary" user identity and now it differs from the "Windows Identity"? Do you mean that User.Identity.Name doesn't return the expected user name? What does it return instead? Have you tried to return the AuthenticationType
to see what it is?
When something doesn't work try to tell what happens as directly as possible to leave less room to interpretation on both your side and our side. It should make easier to understand what happens on your side and then what could cause the particular situation
Ah or you try to get the "Windows identity" of external users coming to your own site? (which will never work).
Jul 06, 2016 02:34 AM|Yohann Lu|LINK
From your description, I found you want to track the Primary and Windows Identities of the user. The following tutorials may give you a clear idea.
Windows Authentication in Asp.Net Web Application:
Replacing forms authentication with WIF’s session authentication module (SAM) to enable claims aware identity:
Jul 07, 2016 11:03 AM|Anjeleena|LINK
Sorry for the inconvenience caused.
I have configured application for Windows authentication enabled and I am getting ServiceSecurityContext.Current.WindowsIdentity ,User.Identity.Name all these properties as null.
So everytime when I cal these services from client application, I am getting unauthorized request error.
Tried both the below methods.
public string WindowsIdentity()
string strUserName = string.Empty;
if (strUserName == String.Empty)
if (ServiceSecurityContext.Current != null)
if (ServiceSecurityContext.Current.WindowsIdentity != null)
strUserName = ServiceSecurityContext.Current.WindowsIdentity.Name;
catch (Exception ex)
public string PrimaryIdentityUser()
string strUserName = String.Empty;
strUserName = User.Identity.Name;
catch (Exception ex)
return strUserName ;
The client side is like
using (var client = new HttpClient())
// TODO - Send HTTP requests
client.BaseAddress = new Uri("http://BasicUrl/");
// HTTP GET method
HttpResponseMessage response = await client.GetAsync("api/Controller/Method");
string result = await response.Content.ReadAsAsync<string>();
Console.WriteLine("Sorry! Method got an exception. " + response.ReasonPhrase);
Jul 07, 2016 11:24 AM|PatriceSc|LINK
For Windows authentication, on the client side try:
HttpClientHandler handler = new HttpClientHandler()
UseDefaultCredentials = true
HttpClient client = new HttpClient(handler);
If catch blocks are really empty, I would get rid of them (it does nothing else than hiding exceptions which is the last thing you want).
Make sure having a console app calling your service, both being in the same domain is a good match for your final setup (for example a beginner could think it will work even if the console app runs in some other foreign domain and call its API over internet).
Jul 07, 2016 11:56 AM|Anjeleena|LINK
Thanks for your reply.
But I had tried this also, still it was not returning the Identity..
using (var client = new HttpClient(new HttpClientHandler()
UseDefaultCredentials = true,
Catch blocks are not empty really, for now I havent added the code here.
Jul 07, 2016 12:19 PM|PatriceSc|LINK
And so to start on the right track what happens? For now it seems you are telling both that :
- I'm getting unauthorized request error
- all these properties as null (how do you know if your code can't run? AH or could it be that you return yourself an unauthorized status if an exception happens ?)
If it never worked what if you try first on localhost , just pointing your browser to your "PrimaryIdentityUser" API. Does it work ? If yes, proceed further (for example with your console app on your own machine until it fails again). If not what if you
return User.Identity.IsAuthenticated instead ?
Not sure but maybe before that I would check if the server is in the "intranet zone" in case it could be this kind of issue.
For now it is still a bit unclear if you can't reach your api at all or what...
it was not returning the Identity
Instead always tell what happens. It will be easier to guide you. So first do you even reach your PrimaryIdentityUser Api method?
Jul 07, 2016 02:28 PM|Anjeleena|LINK
The priority issue is with WindowsIdentity() function. both from local and from published link, ServiceSecurityContext.Current !s getting as null. So ServiceSecurityContext.Current.WindowsIdentity.Name returns null as identity. it seems,
that was the real issue behind the scene.
Jul 07, 2016 02:51 PM|PatriceSc|LINK
And which information are you trying to get from this? Never tried but I would say that ServiceSecurityContext is for WCF and not for Web API. Assuming it is working, at best it would return AFAIK the same name ?
So IMO check first if you get the basic information you need. If it is ok just stick with what is exposed by the ApiController. If you need some additional information post about your exact need.
Edit: if you want you could perhaps try to create a quick WCF service and see if ServiceContextSecurity is then non null. It would confirm this is for WCF rather than for Web API.
https://sankarsan.wordpress.com/2010/07/25/identity-securitycallcontext-in-wcf/ which seems to confirm this is for WCF. It seems that with WCF you could know at least in some cases the Windows Identity even if the service is accessed with another identity
(keep in mind it was not http only) but I doubt it makes sense for a web API.
Double check what you need.
Jul 08, 2016 05:47 AM|Anjeleena|LINK
But the issue I am facing is not resolved yet. 'PrimaryIdentityUser' method is returning domain\userName, when trying fromlocal machine. but from published service its returning exception with Unauthorized. I am unable to get the Users identity in windows
authentication mode. I st here anything wrong in my code or Do I need any extra IIS settings otherthan Windows authentication enabled.
Please help me on this
Jul 08, 2016 08:53 AM|PatriceSc|LINK
And you'll really use a console app? To start what if you try with a console app to localhost first. Does it work?
For the remote machine, it is in the same domain, in the intranet zone and the account user itself is authorized? I would pojnt first a browser to this location. You could also try to create a web page or check the IIS log. For now I'm trying to make 100%
sure if the issue is that credentials are correctly passed but that the domain user you are using is not authorized for some reason...
(BTW it might be better to close this thread and open a new one).