简体   繁体   English


[英]How to get the username of windows authenticated user in asp.net?

I have an single page application running in our Intranet. 我的Intranet中运行着一个单页应用程序。 Users are authenticated by Windows Authentication (their domain-user). 用户通过Windows身份验证(其域用户)进行身份验证。 When clicking a button I want to send a request (using $http, Angular) to an aspx-page that has the following code: 当单击按钮时,我要向具有以下代码的aspx页发送请求(使用$ http,Angular):

        string result = "Unknown";
        var loggedOnUser = System.Security.Principal.WindowsIdentity.GetCurrent();
        if (loggedOnUser != null) {
            int index = loggedOnUser.Name.LastIndexOf("\\", StringComparison.Ordinal) + 1;
            result = loggedOnUser.Name.Substring(index);
        var json = "{ \"User\" : \"" + result + "\"}";
        Response.ContentType = "text/json";

This code only gives me the name of the user that is registered in the Application Pool. 该代码仅给我提供在应用程序池中注册的用户的名称。 Thats not very surprising indeed so I guess I need to do some impersionating here? 那的确不是很令人惊讶,所以我想我需要在这里做一些事吗? The reason for doing this is that I want the username in my javascript so that it can be sent as a paramter in other calls to the server. 这样做的原因是我希望在JavaScript中使用用户名,以便在其他调用中将其作为参数发送到服务器。 I have searched the web and everyone says that getting the logged-in users username is a big security breach. 我在网上搜索过,每个人都说获取登录用户的用户名是一个重大的安全漏洞。 And I do see that. 我确实看到了。 But I may be a workaround when it is done in a way that involve server-code? 但是当以涉及服务器代码的方式完成时,我可能是一种解决方法?

Any suggestions? 有什么建议么?

Thanks! 谢谢!

I got like this on Login click 我在Login点击时就这样

 protected void btnLogin_Click(object sender, EventArgs e)
            string UserName = "";
            string activeDomain = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
            string strName = HttpContext.Current.User.Identity.Name.ToString();

            if (strName == "")
                UserName = activeDomain;
                UserName = strName;

            if (UserName == "")
                lblMsg.Text = "Invalid Credentials. Please contact administrator!";
                LP.UserName = UserName;
                DataSet dsUserName = LBLL.validate_user(LP);
                if (dsUserName.Tables[0].Rows.Count > 0)
                    Session["UserName"] = dsUserName.Tables[0].Rows[0]["userName"].ToString();
                    Session["entityUID"] = dsUserName.Tables[0].Rows[0]["entityUID"].ToString();
                    Response.Redirect("~/index.aspx", false);
                    lblMsg.Text = "Invalid Credentials. Please contact administrator!";
        catch (Exception ex)


声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM