WindowsIdentity in asp application always returns NT AUTHORITY\SYSTEM

Question

I have read a lot of suggestion over the past few days on how to get the current user in my asp application (developed using devexpress xaf) but so far nothing has worked for me. The return values of

WindowsIdentity.GetCurrent().Name

is always NT AUTHORITY\\SYSTEM. I tried suggestions like this and a couple found in the devexpress forum.

What i've thought should be working is

• set my app's Web.config to

include

  <system.web>
    <authentication mode="Windows" />
    <identity impersonate="true" />
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
  </system.web>

(i've also tried setting imporsonation above to false but without change)

• setting my site in IIS to use Windows Authentication

  • setting the application pool like this

But the result remains always NT AUTHORITY\\SYSTEM.

Answer 1

Since the "NT AUTHORITY\\SYSTEM" is member of "Builtin\\Administrator" SYSADMIN server role is granted by default. By default, the Local System Account is a member of the local Administrators group and is therefore a member of the sysadmin group in SQL Server.

To enable impersonation, set impersonate="true" for the identity element in web.config.

<system.web>
  <identity impersonate="true" />
</system.web>

Impersonation can also be enabled or disabled from IIS.

1. Select the web application in IIS
2. Double click on "Authentication" icon
3. Select ASP.NET Impersonation
4. Click "Disable" or "Enable" link under actions in the right hand side panel in IIS.
5. This will automatically change the web.config file.

set the "Managed pipeline mode" of the DefaultAppPool to "Classic".

Run the application, and notice that, the application code, is now executed, using 'NT AUTHORITY\\IUSR' account, instead of 'IIS APPPOOL\\DefaultAppPool'