使用 c# 和 IIS 10 进行域身份验证

Question

thank you in advance for any advice given. I have been tasked with creating a web app for our HR department and I have one last issue to sort out, authentication. We are running IIS 10 on a Windows Server 2019 Data Center server. Our websites are setup as virtual servers under the DefaultWebSite. Under IIS | Authentication I have windows & anonymous enabled. This web site will only be accessed internally.

The web site is created using Visual Studio 2019 with c# on the backend. I have tried to use the following to get the userID

userName = System.Environment.UserName.ToString();
userName = HttpContext.Current.User.Identity.GetUserId();
userName = User.Identity.GetUserId();
userName = System.Security.Principal.WindowsIdentity.GetCurrent().ToString();

They each return either null or an empty string. This is the from the web.config file

<system.web>
    <authentication mode="Windows" />

I am used to doing this through classic ASP where you can just read the environment variable and get the logged in user, query AD and provide or deny access.

So the ask is either 1) use the current user context and determine access to the web page 2) have the user login to the site and store the login information in SQL.

Thank you for your time

David

Answer 1

You should turn on impersonation so that you will get the user info:

<configuration>
  <system.web>
    <identity impersonate="true" />
  </system.web>
</configuration>

And also you should turn off Anonymous Authentication.

For more info: Using IIS Authentication with ASP.NET Impersonation