How to get at the current users windows identity

Question

The site is running on my local IIS 6.1. I Would like to add some features to pull information from our AD. My AD code works on many other projects and on my dev server. Her

Answer 1

There are two different windows user here - first one is your application user and second is user (or windows account) under which your ASP.NET application (application pool from IIS perspective) is running. WindowsIdentity.GetCurrent will typically return this reference.

To getting actual windows user that using the application, you must enforce authentication. To do that, you can enable integrated authentication (windows authentication) in IIS for the said web site. Also modify your ASP.NET configuration to use windows authentication. Now you can use HttpContext.Current.User.Identity to get the actual user.

Answer 2

Is the user logging in to the site using their AD domain/username, if so grab the username/domain at that point?

If not you won't be able to get this, if a random website could grab the domain/username of the current users login that would be a huge security issue wouldn't it?

Answer 3

HttpContext.Current.User.Identity may be of use to you here.

Likewise System.Threading.Thread.CurrentPrincipal could help.

But the case might be that you actually have to set an identity instance as the user logs in (though not necessarily implement IPrincipal and the surrounding mechanisms, rather using the built-in WindowsIdentity implementation).

I'm not 100% percent on this, Windows Authentication might set this automatically for you to simply retrieve.

Also, check out this link from MSDN which describes basic user operations,

Answer 4

Firstly, make sure that the website is within the intranet zone (eg just http://servername/ rather than http://www.servername.com/), or you need to add your FQDN to IEs Trusted Sites security settings.

Secondly, if you are not using the intranet zone, make sure IE is sending the credentials - Tools -> Internet Options -> Security -> Custom Level -> User Authentication -> Logon -> Automatic Logon with Current Username And Password

Answer 5

This snippet shows how LogonUserIdentity is set (using reflector)

 if ((this._wr is IIS7WorkerRequest) && (((this._context.NotificationContext.CurrentNotification == RequestNotification.AuthenticateRequest) && !this._context.NotificationContext.IsPostNotification) || (this._context.NotificationContext.CurrentNotification < RequestNotification.AuthenticateRequest)))
        {
            throw new InvalidOperationException(SR.GetString("Invalid_before_authentication"));
        }
        IntPtr userToken = this._wr.GetUserToken();
        if (userToken != IntPtr.Zero)
        {
            string serverVariable = this._wr.GetServerVariable("LOGON_USER");
            string str2 = this._wr.GetServerVariable("AUTH_TYPE");
            bool isAuthenticated = !string.IsNullOrEmpty(serverVariable) || (!string.IsNullOrEmpty(str2) && !StringUtil.EqualsIgnoreCase(str2, "basic"));
            this._logonUserIdentity = CreateWindowsIdentityWithAssert(userToken, (str2 == null) ? "" : str2, WindowsAccountType.Normal, isAuthenticated);
        }

As you can see this has been changed for IIS 7. I believe you are using Windows Authentication + Impersonation so I would go with the last one (WindowsIdentity.GetCurrent()) which I am sure is the identity request being run with.