从Web应用程序检索原始用户身份

Question

Summary of the question : In ASP.net, if you use credentials to invoke a web service, how can you retrieve the original user logged in to the web application calling the web service?

Explanation:

We have a web application, invoking a web service. Both are ASP.NET, currently 2.0.

The user logs in to the web application (Windows authentication), but to call the web service we use specific credentials:

   proxy.PreAuthenticate = true;
   proxy.Credentials = new System.Net.NetworkCredential(UserName, Password);

From the invoked web service, if we access the identity attribute of the webservice class ( WebService.User.Identity ) it gets the original user logged in , not these credentials.

However, when switching to Federation Authentication and .NET 4 in the web service, now WebService.User.Identity retrieves the special credentials.

Summing up, invoking the same web method with the same credentials, WebService.User.Identity returns:

• .NET 2 + Windows authentication: original username of the logged in user

• .NET 4 + Federation authentication: credentials used in the method call

How can I change it to get the original user logged in in .NET 4 with federation authentication?

EDIT: Some more information, in .NET 2 the server variables related to the user are:

• AUTH_USER: user logged in
• LOGON_USER: special user credentials
• REMOTE_USER: user logged in

And as I said, in .NET 4 the 3 server variables are the special user credentials.

Answer 1

Hi Can you give a try to below code to get the original logged in user:

        string serverVariable = Request.ServerVariables["AUTH_USER"].ToString();
        string[] authUser = serverVariable.Split('\\');
        string strUserName = authuser[0];
        string strDomain = authUser[1];