I'm starting a new Web Forms app that's meant to run only as an Intranet application. We're a Microsoft shop, and all users log into our company's Active Directory. I'd like to be able to display the user's name in a small label (scan) on the page via the
Site.Master file. I've searched online and it looked as though I could use this line:
string strName = Request.ServerVariables["AUTH_USER"];
However, when I turned Trace on for the Default.aspx page, I discovered that the server variable AUTH_USER was empty, so that doesn't look like it's going to work for me. So how can I get it done?
I'm using .NET 4.5 in VS 2012.
Try this: string strName = this.Context.Request.LogonUserIdentity.Name
That gives me:
NT AUTHORITY\IUSR
This will most likely only work if you deny anonymous users. If anonymous users are allowed it's just running within the security context of the application pool's user account, which is IUSR.
I use this:
strName = HttpContext.Current.User.Identity.Name
Hi,
Always use User.Identity.Name that returns the current user regardless of which authentication method is used. If blank, check User.IsAuthenticated to confirm that a proper authentication method is currently not in place.
More likely you perhaps enabled Windows authentication but forgot to disable anonymous authentication in which case anonymous authentication is still used...
markfitzme
This will most likely only work if you deny anonymous users. If anonymous users are allowed it's just running within the security context of the application pool's user account, which is IUSR.
Please correct me if I'm wrong, but if I deny anonymous users, won't that require the user to log in? This is meant to be an Intranet application and so anyone sitting at their Windows PC in our network should be able to get in without having to log in.
However, if I'm wrong please let me know.
Exactly, if they are an intranet user you would not need anonymous logon. The only time you would need that is if you were using webforms security for an internet application.
It's been a while since I deployed an intranet app, but if you're using windows authentication instead of forms, then the user has already logged into the domain and that should be the account the app will use for login credentials.
Here is a reference I found: http://weblogs.asp.net/scottgu/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application
Yes but if you don't need anonymous authentication it might be easier to just disable this rather than to deny access to anonymous users. Anyway please do check User.IsAuthenticated. If false your current config is not correct and either you'll have to fix
this or you could just disable anonymous authentication toa make sure it just can't be used.
markfitzme
It's been a while since I deployed an intranet app, but if you're using windows authentication instead of forms, then the user has already logged into the domain and that should be the account the app will use for login credentials.
Here is a reference I found: http://weblogs.asp.net/scottgu/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application
This was helpful. Here's the steps I took:
- Went into IIS on my Windows 7 machine, and the IIS | Authentication for Windows Authentication from Disabled to Enabled (which is what I think Scott Gu would have meant for Windows 7).
- Added these lines to my Web.Config:
Next I ran the app using F5. It did come up, and it did show me as the authenticated user, as well as the domain I'm on. But it didn't do that without complaints. It raised this error:
沒有留言:
張貼留言