How to get at the current users windows identity

2019-01-20 09:07发布

问题:

The site is running on my local IIS 6.1. I Would like to add some features to pull information from our AD. My AD code works on many other projects and on my dev server. Here are my attempts at writing out the username:

Response.Write("1. " + this.Request.LogonUserIdentity.Name);
Response.Write("2. " + Request.ServerVariables["Auth_User"]);
Response.Write("3. " + WindowsIdentity.GetCurrent().Name.ToString());

The results I get are:

  1. NT AUTHORITY\IUSR
  2. administrator
  3. NT AUTHORITY\NETWORK SERVICE

How can I get at the actual windows username like ourdomain/username

Thanks

回答1:

This snippet shows how LogonUserIdentity is set (using reflector)

 if ((this._wr is IIS7WorkerRequest) && (((this._context.NotificationContext.CurrentNotification == RequestNotification.AuthenticateRequest) && !this._context.NotificationContext.IsPostNotification) || (this._context.NotificationContext.CurrentNotification < RequestNotification.AuthenticateRequest)))
        {
            throw new InvalidOperationException(SR.GetString("Invalid_before_authentication"));
        }
        IntPtr userToken = this._wr.GetUserToken();
        if (userToken != IntPtr.Zero)
        {
            string serverVariable = this._wr.GetServerVariable("LOGON_USER");
            string str2 = this._wr.GetServerVariable("AUTH_TYPE");
            bool isAuthenticated = !string.IsNullOrEmpty(serverVariable) || (!string.IsNullOrEmpty(str2) && !StringUtil.EqualsIgnoreCase(str2, "basic"));
            this._logonUserIdentity = CreateWindowsIdentityWithAssert(userToken, (str2 == null) ? "" : str2, WindowsAccountType.Normal, isAuthenticated);
        }

As you can see this has been changed for IIS 7. I believe you are using Windows Authentication + Impersonation so I would go with the last one (WindowsIdentity.GetCurrent()) which I am sure is the identity request being run with.



回答2:

There are two different windows user here - first one is your application user and second is user (or windows account) under which your ASP.NET application (application pool from IIS perspective) is running. WindowsIdentity.GetCurrent will typically return this reference.

To getting actual windows user that using the application, you must enforce authentication. To do that, you can enable integrated authentication (windows authentication) in IIS for the said web site. Also modify your ASP.NET configuration to use windows authentication. Now you can use HttpContext.Current.User.Identity to get the actual user.



回答3:

HttpContext.Current.User.Identity may be of use to you here.

Likewise System.Threading.Thread.CurrentPrincipal could help.

But the case might be that you actually have to set an identity instance as the user logs in (though not necessarily implement IPrincipal and the surrounding mechanisms, rather using the built-in WindowsIdentity implementation).

I'm not 100% percent on this, Windows Authentication might set this automatically for you to simply retrieve.

Also, check out this link from MSDN which describes basic user operations,



回答4:

Firstly, make sure that the website is within the intranet zone (eg just http://servername/ rather than http://www.servername.com/), or you need to add your FQDN to IEs Trusted Sites security settings.

Secondly, if you are not using the intranet zone, make sure IE is sending the credentials - Tools -> Internet Options -> Security -> Custom Level -> User Authentication -> Logon -> Automatic Logon with Current Username And Password



回答5:

Is the user logging in to the site using their AD domain/username, if so grab the username/domain at that point?

If not you won't be able to get this, if a random website could grab the domain/username of the current users login that would be a huge security issue wouldn't it?