Using Anonymous Access to get the Windows Login Name?

[kevchadders]

A strange question…

I have an ASP.NET application that is set for anonymous access, but I was wondering if there is still a way to find out which user is accessing the webpage even though it’s set to anonymous?

Its so that we can allow users access to the web pages without logging in, but we can also audit trail what they do by picking up there login credentials in some way.

I was looking at using their IP address as a route to finding out this info. Does anyone have any ideas?

(The IIS website is hosted on a Novell Network)

Thanks

[mendhak]

Look at the server variables collection for LOGON_USER. Try checking the User.Identity.Name as well if you have Windows Authentication and Anonymous checked (both).

You could do IP address as well, but it's not necessary that their true IP address show up, as it could be the proxy server that they're browsing through. You may also want to look at X-FORWARDED-FOR ( I think that's the correct name)

[kevchadders]

The server variables where blank and so was the User.Identity.Name

I also tried...

System.Security.Principal.WindowsIdentity.GetCurrent().Name
System.Threading.Thread.CurrentPrincipal.Identity.Name

again no luck.

Obviously this is to be expected due to it being set to Anonymous!

Thanks for you help Mendhak, i'll look at using the X-FORWARDED-FOR with getting the correct IP address.

Would you know of a command (ASP or DOS) which i can use that will use the IP address to return back the login name?