Last post Jul 12, 2016 05:31 AM by Nan Yu
Jul 11, 2016 01:22 PM|ajmaly|LINK
I have created an MVC 5 Application with Windows Authentication,
<authentication mode="Windows" />
<deny users="?" />
I have below code to get user's Display name along with I also want to do validation,
protected void Session_Start(object sender, EventArgs e)
if (Context.User != null)
private void MapUserADDetails(IPrincipal user)
using (var domain = new PrincipalContext(ContextType.Domain, "test.com"))
using (var usr = UserPrincipal.FindByIdentity(domain, user.Identity.Name))
if (usr == null)
Now I am hosted this app to IIS with only windows authentication enabled. When I am browsing it, it's prompt for userName and Password,
Even I am entering wrong username/password or even doesn't fill anything, it's able to fetch Display Name.
How to restrict this? User/Pass must be validate against the AD. Please suggest. Thanks!
Jul 12, 2016 05:28 AM|meeyourmark|LINK
You user iis express or IIS full version ?
Jul 12, 2016 05:31 AM|Nan Yu|LINK
Hi ajmaly ,
Please make sure Anonymous Authentication should be disabled, and Windows Authentication enabled in IIS. When apply windows authentication,users are logged in automatically and their identity is stored in the Identity property of the User object. The User
object is an instance of the IPrincipal interface. You can get the name of the user from User.Identity.Name. The value returned from this is in the form DomainName\UserName or MachineName\UserName. Please read below articles for details :