Just like the title states. Need the Windows logon and domain info from within our ASP.NET page.
I tried
string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
but it returns the IIS App Pool, not the user name.
Thanks
Try HttpContext.User, accessible simply as User from the code behind. It returns both the domain and username, but should be easy enough to trim for your needs. It's worked for me in the past. You can also use this to manage roles in your application, if you need to.
EDIT
Below are the relevant portions of my web.config. I also used aspnet_regsql.exe to set up the tables needed for the role manager in my database. I could then use User.Identity.Name and User.Identity.IsInRole.
<connectionStrings>
  <clear/>
  <add name="SqlRoleManagerConnection"
       connectionString="myConnectionString">
  </add>
</connectionStrings>
<system.web>
  <authentication mode="Windows" />
  <authorization>
    <deny users="?"/>
  </authorization>
  <roleManager enabled="true" defaultProvider="SqlRoleManager">
    <providers>
      <clear/>
      <add name="SqlRoleManager"
           type="System.Web.Security.SqlRoleProvider"
           connectionStringName="SqlRoleManagerConnection"
           applicationName="myAppName" />
    </providers>
  </roleManager>
</system.web>
This is my code in VB.NET:
Dim strUser = System.Web.HttpContext.Current.User.Identity.Name
so C# must be along the lines of: (not tested)
string strUser = System.Web.HttpContext.Current.User.Identity.Name;
In the Web.Config file
<configuration>
  <system.web>
    <authentication mode="Windows"/>
    <identity impersonate="true" />
  </system.web>
</configuration>
Related
I'm trying to develop an ASP.NET MVC application which has a few views. I have the following code for the controller to restrict access for users:
Controller:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            if (!string.IsNullOrEmpty(model.ReturnUrl))
                return Redirect(model.ReturnUrl);
            return RedirectToAction("Edit", "Home");
        }
        ModelState.AddModelError("Password", "The user name or password provided is incorrect");
    }
    // if we got this far, something failed, redisplay form
    return View(model);
}
In Web.Config:
<system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Home/Login" timeout="10" />
  </authentication>
  <authorization>
    <allow users="*" />
  </authorization>
  <membership defaultProvider="LabourTimeProvider">
    <providers>
      <clear />
      <add name="LabourTimeProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="LabourTime" attributeMapUsername="sAMAccountName" />
    </providers>
  </membership>
  <roleManager defaultProvider="CustomRoleProvider" >
    <providers>
      <clear />
      <add name="CustomRoleProvider" type="LabourTime.CustomRoleProvider" />
    </providers>
  </roleManager>
</system.web>
<location path="Home/Login">
  <system.web>
    <authorization>
      <allow roles="mydomain\mygroup" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
<location path="Home/Edit">
  <system.web>
    <authorization>
      <allow roles="mydomain\mygroup" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
In the location path, if I use something like allow users = "my-user", it works fine. Only that user has access.
However, I would like a group of users in mygroup to access the page. I don't know how to achieve this. I tried this code after doing some research, but it didn't work. What do I do in order to get access for the whole group?
When I try to log in using an ID from the group, it doesn't work. Any suggestion is appreciated. Thanks!
There are different ways of achieving access by groups. Since you already use attributes I would suggest using the following approach:
[Authorize(Roles="Administrators")]
public class AdminController : Controller
{
    // ...
}
When you wanna put logic within your code you can use a construction like this:
if (Roles.IsUserInRole(userName, "ConfirmedUser"))
{
    // ...
}
In your example, it is clear you are talking about a domain-joined users group (part of an intranet). In general, Group Policy Objects (GPOs) and Security Groups (SGs) are created within Active Directory (AD), and domain users are members of these SGs.
In other cases, a DB hosted on a DB server can also be linked to the same SGs, and in some cases DBs are not linked to any AD SGs but have a different login account for added security.
Access to these SGs is managed by the IT support specialists of a given organization.
<authorization>
  <allow users="*" />
</authorization>
Having said that, using <allow users="*" /> within Web.config will only allow domain users whose domain accounts are members of their appropriate Security Groups (SGs), created for their organization within Active Directory (AD). As long as the application being developed is deployed on an application server joined to the same domain, the GPO and SG security automatically gets synchronized to user and computer accounts for that domain. Therefore, only users who are members of SGs are able to access the application within an intranet.
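How ASP.NET URL authorization evaluates allow/deny rules like the ones in the question above, as a simplified model added here (not code from the posts and not the framework's own code): rules are read top to bottom, the first matching rule decides, * means every user and ? means anonymous users. The Rule and UrlAuthDemo types and the users alice and bob are made up for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified model of one <allow> or <deny> element (hypothetical type).
class Rule
{
    public bool Allow;
    public string[] Users = new string[0];   // "*" = everyone, "?" = anonymous
    public string[] Roles = new string[0];
}

static class UrlAuthDemo
{
    // Rules are read top to bottom; the first rule that matches decides.
    static bool IsAllowed(IEnumerable<Rule> rules, string user, ISet<string> userRoles)
    {
        bool anonymous = string.IsNullOrEmpty(user);
        foreach (Rule r in rules)
        {
            bool userMatch = r.Users.Any(u => u == "*" || (u == "?" && anonymous) ||
                (!anonymous && string.Equals(u, user, StringComparison.OrdinalIgnoreCase)));
            bool roleMatch = !anonymous && r.Roles.Any(userRoles.Contains);
            if (userMatch || roleMatch) return r.Allow;
        }
        return true; // nothing matched: the machine-level default is <allow users="*" />
    }

    static void Main()
    {
        // The question's <location path="Home/Edit"> rules.
        var edit = new[] {
            new Rule { Allow = true,  Roles = new[] { @"mydomain\mygroup" } },
            new Rule { Allow = false, Users = new[] { "*" } }
        };
        // The site-wide <allow users="*" /> rule.
        var site = new[] { new Rule { Allow = true, Users = new[] { "*" } } };

        // Constructed sample principals.
        var inGroup = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"mydomain\mygroup" };
        var noRoles = new HashSet<string>();

        Console.WriteLine(IsAllowed(edit, "alice", inGroup)); // authenticated group member
        Console.WriteLine(IsAllowed(edit, "bob", noRoles));   // authenticated, not in the group
        Console.WriteLine(IsAllowed(edit, null, noRoles));    // anonymous request
        Console.WriteLine(IsAllowed(site, null, noRoles));    // anonymous against the site-wide rule
    }
}
```

Against the Home/Edit rules only the group member is allowed; against the site-wide rule even the anonymous request is allowed, because * includes anonymous users.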
Using Visual Studio 2015 Community, EF 6, ASP.NET MVC 5, Oracle, and using a database-first approach.
I'm trying to set up my application so that an AD and a list of users are the only ones who can access it. The list of users will not be in this AD group. This is for an internal application. In my web.config file I have the following:
<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <clear />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
  </providers>
</roleManager>
Above each of my controllers I have the following:
[Authorize(Roles = @"domain\AD_Group, domain\user1,domain\user2,domain\user3")]
public class HomeController : Controller
I've tried different ways of handling this with:
[Authorize(Roles = @"domain\AD_Group", Users = @"domain\user1,domain\user2,domain\user3")]
And
[Authorize(Roles = @"domain\AD_Group")]
[Authorize(Users = @"domain\user1,domain\user2,domain\user3")]
But nothing seems to work. Either everyone loses access or only the AD has access. What am I doing wrong? Should I handle this in the web.config file rather than my current method? What would that look like? Thanks.
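The stock MVC AuthorizeAttribute requires a match on both Roles and Users when both are set, and stacked [Authorize] attributes must all pass, so the second and third attempts above demand group membership and a listed name at once. One way to express "group OR listed users", as an added example that is not part of the original post: a hypothetical AuthorizeRolesOrUsersAttribute overriding AuthorizeCore (assumes ASP.NET MVC 5 and Windows authentication as in the question).

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute: passes when the caller is in ANY listed role
// OR is one of the listed users. Anonymous callers never pass.
public class AuthorizeRolesOrUsersAttribute : AuthorizeAttribute
{
    // Split a comma-separated list, dropping blanks and surrounding spaces.
    private static string[] Split(string csv)
    {
        return (csv ?? "").Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                          .Select(s => s.Trim())
                          .Where(s => s.Length > 0)
                          .ToArray();
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        var user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        string[] roles = Split(Roles);
        string[] users = Split(Users);
        if (roles.Length == 0 && users.Length == 0)
            return true; // nothing listed: any authenticated user, as with plain [Authorize]

        // Group check goes through the configured role provider / Windows token.
        bool inRole = roles.Any(user.IsInRole);
        // Account names compare case-insensitively (DOMAIN\name).
        bool isListedUser = users.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase);
        return inRole || isListedUser;
    }
}

// Usage with the names from the question.
[AuthorizeRolesOrUsers(Roles = @"domain\AD_Group", Users = @"domain\user1,domain\user2,domain\user3")]
public class HomeController : Controller
{
    public ActionResult Index() { return View(); }
}
```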
I have a problem using my custom role provider.
I've made a class CustomRoleProvider : RoleProvider, and the method string[] GetRolesForUser() is overridden:
public override string[] GetRolesForUser(string username)
{
    string[] s = { "StandardAdmin" };
    return s;
}
My web.config now looks like:
<roleManager enabled="true" defaultProvider="AccessRoleProvider" >
  <providers>
    <clear />
    <add name="AccessRoleProvider" type="Formularz.Memberships.AccessRoleProvider" applicationName="/" />
  </providers>
</roleManager>
and
<location path="Memberships.AdminsListPage.aspx">
  <system.web>
    <authorization>
      <allow roles="SuperAdmin"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
I have no idea why I can access AdminsListPage.aspx, so I hope you could give me some advice.
Thank you in advance, Peter
I'm trying to authenticate users through LDAP in C#. Each time I try to log in, I get the 'Input string was not in a correct format' error.
This is my connection string:
<connectionStrings>
  <add name="MyConnectionString" connectionString="LDAP://123.193.111.22:389.local" />
</connectionStrings>
<system.web>
  <roleManager enabled="true" />
  <membership defaultProvider="MyMembershipProvider">
    <providers>
      <add name="MyMembershipProvider"
           connectionStringName="MyConnectionString"
           type="System.Web.Security.ActiveDirectoryMembershipProvider,
                 System.Web, Version=2.0.0.0, Culture=neutral,
                 PublicKeyToken=b03f5f7f11d50a3a"
           connectionUsername="MyUsername"
           connectionPassword="MyPassword"
           connectionProtection="Secure"
           enableSearchMethods="true" />
    </providers>
  </membership>
  <trust level="Full" />
</system.web>
<authentication mode="Forms">
  <forms name=".ADAuthCookie" loginUrl="~/Admin/Login"
         timeout="450" slidingExpiration="false" protection="All"/>
</authentication>
The error seems to be at type="System.Web.Security.ActiveDirectoryMembershipProvider. Any suggestions would be greatly appreciated. Thanks!
I've managed to figure it out. Had to rework the membership provider code and now I'm able to authenticate users.
I'm all of a sudden getting the following error with my Web.config file and I don't understand what it means:
Parser Error Message: The attribute 'connectionStringName' is missing or empty.
Line 24: <providers>
Line 25: <clear />
Line 26: <add name="SMDPortalMembershipProvider" type="SMDPortalMembershipProvider" />
Line 27: </providers>
Line 28: </membership>
Source File: c:\inetpub\wwwroot\web.config Line: 26
Version Information: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.0.30319.272
Here's my config file:
<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
  <connectionStrings>
    <add name="ApplicationServices"
         connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
         providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="UODOTNET, Version=2.2.5.7444,
             Culture=neutral, PublicKeyToken=335F3FBD4BE82339"/>
        <add assembly="System.Core, Version=4.0.0.0,
             Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <forms loginUrl="Default.aspx" timeout="2880" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <membership defaultProvider="SMDPortalMembershipProvider">
      <providers>
        <clear />
        <add name="SMDPortalMembershipProvider" type="SMDPortalMembershipProvider" />
      </providers>
    </membership>
    <customErrors mode="Off"/>
    <sessionState cookieName="smd_portal_session" timeout="100"/>
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>
There is no error when I load the Default.aspx page, but as soon as my code calls upon the Membership class I'm getting the error.
Your membership provider's config section needs a connectionStringName attribute. Without that connectionStringName, it doesn't know what database to look for membership information in.
You need to add the name of one of the connection strings in the connectionStrings section to the add tag on line 26.
The connectionStringName attribute is required in order for your Web.Config to be valid. You can't use the Membership class without it.