[RESOLVED] HttpContext.Current.User.Identity.Name
I have been trying to perform security validation in a page using the credentials of the domain users ...
However, when I try to get the value in
Code:
HttpContext.Current.User.Identity.Name
is always returned blank.
PS: When I run the code in the IDE is returned "domain\user" ... but when the page is hosted on a IIS server, the returned value is always blank.
Any help? Thx in advance.
Greetings
Re: HttpContext.Current.User.Identity.Name
by the way... What I want to do is ensure that a page can be accessed only by certain users, using the web.config... something like this
Code:
<location path="default1.aspx">
<system.web>
<authorization>
<allow users ="domain\user2" />
<allow users ="domain\user1" />
<deny users ="*" />
</authorization>
</system.web>
</location>
i used
Code:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
and this code returns the identity of the IIS Aplication Pool (NETWORK SERVICE)... and not the current User.
My IIS is configured allowing Anonymous Access, with Integrated Windows Authentication...
So, the question is: How to validate access to a page using the web.config settings for users who are in a domain?
Re: HttpContext.Current.User.Identity.Name
After some research I finally found an answer that solved my problem. I removed the anonymous access in IIS and in web.config added the following:
Code:
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow users ="krypton\zuperman" />
<deny users ="*" />
</ authorization>
I tested using the following code:
Code:
Imports System.Security
Protected Sub Page_Load (ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
As String Dim authUserName
As String Dim aspUserName
authUserName = User.Identity.Name
aspUserName = Principal.WindowsIdentity.GetCurrent.Name
authUserPrincipalLabel.Text = "You are" & authUserName
aspPrincipalLabel.Text = "This page runs as:" & aspUserName
End Sub
Both labels returns the current user...
When I try to enter a user that is not set to access in the web.config, IIS shows the access denied error ... exactly how it should do.
I hope I have solved my problem, however, like to keep the topic open to see if I can get other opinions...
Thx
Re: HttpContext.Current.User.Identity.Name
Hey,
Looks like you got the answer, that I was just in the process of typing (only just read your last post) and what you have is perfectly valid.
Gary
Re: HttpContext.Current.User.Identity.Name