I'm writing an ASP.NET v4.5.2 Windows Application / Windows Form for our sales team to use and I don't want them to have to log in. I want to compare their windows domain/userid to a userid that I have in a database for authentication. I can get the domain/userid to display correctly in Visual Studio by using:
string userLogin = Request.LogonUserIdentity.Name;
But when I deploy the application to our server this is what is displayed:
NT AUTHORITY\IUSR
The server is 2012 running IIS 8 and here are the settings for this web page:
Anonymous Authentication: Enabled
ASP.NET Impersonation: Disabled
Basic Authentication: Enabled
Digest Authentication: Disabled
Forms Authentication: Disabled
Windows Authentication: Enabled
I've read this:
Get Domain User ID in ASP.NET
and followed the instructions but run across problems.
The first problem is that when I Disable Anonymous Authentication in IIS I get a 404 - File or directory not found error.
Another problem is that when I put this tag in web.config
<authorization>
<deny users="?"/>
</authorization>
I also get the 404 error.
I have also changed authentication mode in web.config to this:
<authentication mode="Windows" />
And still get the 404 or incorrect domain/user information (depending on the IIS settings).
I've started a project named test just to debug this problem.
When I disable Anonymous Authentication in IIS the url changes to this:
servername/test/Account/Login?/ReturnUrl=%2Ftest%2FAccount%2FLogin%3FReturnUrl%3D%252Ftest%252FAccount%252FLogin%253FReturnUrl%253D%25252Ftest%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252Ftest%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252Ftest%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252Ftest%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252Ftest%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252Ftest%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252Ftest%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252Ftest%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252Ftest%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252Ftest%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252Ftest%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252Ftest%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252Ftest%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252Ftest%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252Ftest%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252Ftest%25252525252525252525252525252525252F
Keep in mind that I'm writing my own login and not using .NET's.
My apologies if this is a duplicate question but I've done a lot of reading on here and other blogs and still get the same behavior no matter what I try.
Thanks in advance for the help.
Related
I have an asp.net application on my server that uses WindowsAuthentication to log in. The scenario is simple: users logged in, will use the same credentials to login the application.
Certainly, on IISExpress on my machine works great, but when I try to login the application on server, the current user returned is DefaultAppPool.
I guess it's a missing impersonate config on IIS. I tried to get the current user with:
string username = HttpContext.Current.Request.LogonUserIdentity.Name;
string username = WindowsIdentity.GetCurrent().Name;
... and all of above returns the current user loggedin but only works on IISExpress, but not on server IIS.
IIS Express config
DefaultAppPool
- Framework Version 4.0
- Application Pool Identity
Application Authentication Config
Server Info
Windows 2008 R2 Enterprise
IIS 7.5
PD: Is not my best English
I had a similar issues; as far as I can tell it is because the web.config file needs to have the following entries:
<authentication mode="Windows" />
<identity impersonate="true" />
Also in your IIS/Authentication section in Internet Information Services (IIS) Manager, make sure only Anonymous Authentication and Windows Authentication is Enabled. I had ASP.NET Impersonation checked by mistake and it was giving me the same error you described in this post. Once I disabled that (along with the other modifications), it seems to be working fine.
I have an ASP.NET MVC4 website deployed on IIS with Windows Authentication enabled. My config file has this setting:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
My understanding is that this will allow me to authenticate without having to type in credentials; i.e. an intranet site.
This works as intended, except for the first page load. When I first access the website, I am directed to the following URL:
http://localhost/SandboxWebsite/login.aspx?ReturnUrl=%2fSandboxWebsite
This is obviously a page that asks for credentials. When I then navigate again to http://localhost/SandboxWebsite/, I am automatically authenticated without having to enter any credentials.
Why is this occurring and how can I prevent it?
The problem was that, whilst anonymous access was disabled as a setting, there was no authorisation rule to deny anonymous users. Why this redirected me to Login.aspx I do not know, but I fixed it by adding the following rules.
IIS > MyWebsite > .NET Authorization Rules
John,
this is a long shot but have you tried using an address other than LocalHost to access the site ? It may be that your ASP.NET MVC4 website is expecting a specific domain name/computer name or IP address because of the way it was setup.
You could alter your hosts file to test this out.
Hope this helps.
Dorje
I've got windows authentication in one of web projects I've been working on. Due to all other have forms authentication, I want to implement it also in this particular project. I've followed this article http://www.codeproject.com/Articles/37558/Windows-Authentication-Using-Form-Authentication and added new login page, but after running project I've got redirected to the same default page it used before.
Here's changes which I made to web.config:
<authentication mode="Forms">
<forms loginUrl="login.aspx"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
What are my possible mistakes?
When switching to Forms Authentication from Windows Authentication, you'll need to disable Windows Authentication in IIS for your Application. It doesn't do it for you automatically when you enable Forms Authentication in the web.config.
You most likely have both Forms and Windows Authentication enabled in IIS on your Application. I believe IIS will default to Windows Authentication in that case and bypass your login form.
To check that, you can do the following:
Go to IIS
Locate your Application
Go to Authentication
Adjust the following
Anonymous Authentication: Enabled
ASP.NET Impersonation: Disabled
Basic Authentication: Disabled
Digest Authentication: Disabled
Forms Authentication: Enabled
Windows Authentication: Disabled
You can also disable Anonymous Authentication if you don't want a landing page prior to logging in as well.
I am working on ASP.Net MVC-4 application. I have to implement windows authentication.
I have set authentication mode as 'Windows' in web.config file as shown below.
<system.web>
<authentication mode="Windows" />
</system.web>
In controller I try to get username as below.
string userName = User.Identity.Name;
but every time I am getting empty value.
Please let me know for any suggestions.
Thanks in advance.
Windows authentication is performed by IIS to establish our managed code User.Identity. Therefore, you need to enable Windows Authentication in your IIS, and in order to force the user to authenticate before being able to access our application, you need to disable Anonymous Authentication
With the given information, it looks like you've configured your project correctly but haven't actually authenticated the user yet.
First some background. There is a simplified tutorial on asp.net where, in between the lines, the following statement is mentioned:
By default, the ASP.NET Development Web Server executes all pages in the context of the current Windows account (whatever account you used to log into Windows).
This means that when you run your project with F5, it executes everything under your currently logged in user account. However, it isn't yet authenticated for the application and therefor your User.Identity.* is not set yet.
In order to verify if this is the case, you should add the [Authorize] attribute on the first controller (or Action) that is called in you ASP.NET MVC project. Most likely you'll be confronted with a "HTTP Error 401.0 - Unauthorized" exception. In this case, you should enable your webserver to authenticate first. The above mentioned tutorial will help you with this.
I am developing a simple ASP.NET website that will run on the intranet on a WS2008(IIS7) box and respond to users running XP/IE8. Everything is domain connected and I am trying to automatically login the users much like SharePoint does.
On my dev machine (XP), when running the site through VS, everything works. I can pickup on the user perfectly. I am using the following settings:
<authentication mode="Windows"/>
<identity impersonate="true"/>
<anonymousIdentification enabled="false"/>
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
However, when I publish to the WS2008 box, it doesn't work. Clearly I am missing a setting in IIS7 to support this.
I have the following set for Authentication on the site:
Anon Auth - Enabled
ASP.NET Impersonation - Enabled
Basic Auth - Disabled
Forms Auth - Disabled
Windows Auth - Disabled
What am I missing?
Thanks
Try disabling anonymous login from the iis. Go to the security options for the site on IIS and uncheck the Enable Anonymous login. Make sure that windows authentication is checked.
Edit:: If the login box appears when trying to login with IE, there is a setting that you can set so that IE sends the username when used in the intranet sites. Go to tools > internet options > security and in the security settings select the option Automatic Logon with current username and password or Automatic Logon only in intranet Zone You have to make sure that the site you are trying to use is added in the intranet zone.
There is a similar setting with firefox and chrome I believe but I am not sure how to set it up
You need to enable "Windows Authentication" in IIS and disable "Anon Auth"
Here are the settings, you should be using:
Anon Auth - Disabled
ASP.NET Impersonation - Enabled
Basic Auth - Disabled
Forms Auth - Disabled
Windows Auth - Enabled
Consider also the intranet zone settings for the browser, as well as the security settings. Try adding other flavors/variations of the URL to the intranet sites zone in IE. My understanding is this is how IE determines if it should automatically submit credentials instead of prompting.