stackoom
  简体   繁体   中英

How to check domain name of user without logging in

 原文  2017-12-13 19:16:27       c#/ asp.net-mvc/ active-directory/ owin/ windows-authentication

Question

I have a MVC 5 application which uses OWIN and identity2.0 for authentication. My application require mixed authentication:

  • for users not a domain lets say "dom1", they should see a form based page
  • for users on domain "dom1" they should be logged in via windows authentication.

I want to know how can I get the domain name of user without authentication, at the time when user first hit my Account/Login action.

I have used : 

PrincipalContext pcontext = new PrincipalContext(ContextType.Domain);
var domainName = pcontext.ConnectedServer;

and 

System.Security.Principal.WindowsIdentity context = System.Security.Principal.WindowsIdentity.GetCurrent();
var domainName = pcontext.Name;

BUT both of these shows domain name of machine where website is deployed and not of the client's domain.

Any help is much appreciated and please correct me if I am doing any blunder.

2 answers

solution1
 1  2017-12-13 19:46:15

The domain can be seen here 

Environment.UserDomainName

Gets the network domain name associated with the current user.

Per the MSDN documentation :

The UserDomainName property first attempts to get the domain name component of the Windows account name for the current user. If that attempt fails, this property attempts to get the domain name associated with the user name provided by the UserName property. If that attempt fails because the host computer is not joined to a domain, then the host computer name is returned.

If you're not authenticated, you'll unfortunately see the host computer name. No way around this that I'm aware of.

You can also get the ip of the client's request here 

HttpRequest.UserHostAddress

solution2
 1 ACCPTED  2017-12-14 13:51:50

"without authentication"? You can't. The Windows authentication has to be completed before you can see the user's account.

This is because of how Windows authentication works:

  1. The browser accesses the site anonymously.
  2. IIS returns a 401 response
  3. The browser responds by making the request again with the Windows credentials included
  4. IIS verifies the credentials with the domain controllers
  5. IIS passes the verified Windows credentials to your application.

The only time your application can see anything about the user's account is at step 5 - after the authentication is successfully complete.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to check if the user is not logging to a Domain account How to check if Windows user account name exists in domain? How to check if user with [UserName] and [Password] is domain administrator of [DomainName] without impersonation? How to: Check if current user is member of ‘domain admins’ getting domain user name without windows prompt using c# How to check for session null on master page without logging out How to check in Powershell if IP address or hostname is a localhost? Without domain DNS How to check if login user belongs to domain admin group in active directory? How to reliably check the windows domain id of current user on a workstation How to get username and SID for user by a domain name in ldap
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM