Get current windows authenticated user from Active Directory in Asp.Net MVC

I have a web application where the user needs permission on create/edit/delete post actions. The permissions are handled in a custom table in the database based on Windows username and custom role name.

This is my code:

var username = Environment.UserName;

using (HostingEnvironment.Impersonate())
{
    var ctx = new PrincipalContext(ContextType.Domain);
    var user = UserPrincipal.FindByIdentity(ctx, username);

    if (user != null)
    {
        var roleName = accessRepository.GetRole(username);

        if (string.IsNullOrEmpty(roleName) || roleName != Roles.admin.ToString())
        {
            hasAccess = false;
        }
    }
    else
    {
        hasAccess = false;
    }

    if (!hasAccess)
    {
        // redirect
    }
}

In web.config I have

<authentication mode="Windows" />

and I have tried setting

<identity impersonate="true" />

But it doesn't work. On the server I have tried setting the IIS to enable Asp.Net Impersonate and Anonymous Access and Windows Authentications in all variations of the three.

When I run this locally on my machine there's no problem: username is the username from my Windows authentication from when I logged on to my machine.

But when I upload this to the server and go to the website on my local machine, the username is the username from the server and not from my local machine.

Just to be clear, I don't want the user to log in to the web application. I want the web application to find out the Windows authentication from Active Directory.

Is this not possible? Or am I not thinking it right?

Just to be clear, I don't want the user to log in to the web application. I want the web application to find out the Windows authentication from Active Directory.

This is the part that doesn't quite make sense. The only way to find out the user's AD account is if they authenticate with your application. They won't have to type in their credentials - but their credentials still get sent to your server and your server verifies they are correct. So in that sense, they are being "logged in".

This is achieved with Windows authentication. You are on the right track with this:

<authentication mode="Windows" />

But make sure you also disable anonymous authentication. Then you can access the username of the user like this:

HttpContext.Current.User.Identity.Name

That will be in the format of DOMAIN\Username.

As a side note, Environment.UserName gets the username that the current thread is running under - basically, the credentials IIS is running under. On your development machine, that's your username (probably because you're using IIS Express). But on the server, it will be different.
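The permission check from the question, rewritten as an MVC authorization filter that uses the authenticated request identity instead of Environment.UserName. This is an added example, not code from the question or the answer: IAccessRepository and RequireAppRoleAttribute are hypothetical names, the repository is assumed to be registered with MVC's dependency resolver, and the permission table is assumed to store names as DOMAIN\Username.

```csharp
using System;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Hypothetical abstraction over the custom permission table from the question.
public interface IAccessRepository
{
    string GetRole(string windowsAccountName); // role name, or null when no row exists
}

// Usage (assumed): [HttpPost, RequireAppRole("admin")] on create/edit/delete actions.
public sealed class RequireAppRoleAttribute : AuthorizeAttribute
{
    private readonly string _requiredRole;

    public RequireAppRoleAttribute(string requiredRole)
    {
        _requiredRole = requiredRole;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The identity IIS authenticated for this request, not the account
        // the worker process runs under (which is what Environment.UserName returns).
        var identity = httpContext.User?.Identity;

        // Fail closed: if anonymous authentication is still enabled in IIS,
        // IsAuthenticated is false and Name is empty.
        if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
            return false;

        var repo = DependencyResolver.Current.GetService<IAccessRepository>();
        if (repo == null)
            return false; // no repository available: deny rather than allow

        var role = repo.GetRole(identity.Name); // identity.Name is DOMAIN\Username
        return string.Equals(role, _requiredRole, StringComparison.Ordinal);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Known user without the role: 403. Unknown user: default 401, which lets
        // IIS issue the Windows authentication challenge.
        if (filterContext.HttpContext.User?.Identity?.IsAuthenticated == true)
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Because the check runs as a filter before the action executes, a POST action cannot run before the role lookup has passed.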
