ansaurus

Question

User.Identity.Name blank in ASP.Net MVC

Answer 1

+5 A:

Sure is mate. You need to authenticate with the website. That's the name used for authentication.

You are authenticating, right?

It's not a setting, etc.

Click the LOG IN link, if you're using the stock standard ASP.NET MVC template (if my memory serves me right).

UPDATE (as the posted has added more info/comments)

So what you're after is Windows Authentication. A ~~quick google search came up with this post. It's pretty helpful (though a bit old, but still relevant) .. check that out.~~

Found a better post with MVC code for Windows Authentication. Check that out instead.

Config setting that is important, is...

...
 <system.web>
  ...
  <authentication mode="Windows"/>
  ...
 </system.web>
 ...

Pure.Krome 2009-07-01 06:47:01

Thanks mate. This is great, but I just want to seamlessly do it. No clicking or login forms for the users. It's a corporate web application. Everyone inside this company should be able to view all pages of this web app, but let me grab their windows username automatically. Was super easy just a one liner in ASP.Net web forms, classic ASP etc. As long as you had integrated authentication set in IIS, you could just grab that value.. Thx again.

Aaron 2009-07-01 06:54:20

Updated my reply. HTH.

Pure.Krome 2009-07-01 06:57:57

BAM we're in business. Good on you mate, Cheers.Helped me better understand the way the MVC treats the User.Identity thing too. I.e. you can be "authenticated" from either forms or via "windows", whichever way you choose, will have the required info in that object. Great one, Cheers.

Aaron 2009-07-01 06:59:56

Found a better post with relevant info. Check out the link above. (I've updated the post, a 2nd time).

Pure.Krome 2009-07-01 07:00:04

Great one, ta. Ok works perfectly well on my VS dev web server.. Then the app is published to a dev web server, but the value is blank again. I've turned on Integrated authentication in IIS on the site, its actually a virtual directory. I.e. http://MyDevServer/MyApp/Which setting is missing? Thx again.

Aaron 2009-07-01 07:04:41

@Aaron- User.Identity works the same in both ASP.NET Web forms and ASP.NET MVC.

RichardOD 2009-07-01 10:20:23

Thanks Richard. Just figured out my issue, I was using FireFox. Which doesn't have the built-in windows integrated auth etc. IE works fine in our intranet environment. The same old issues and lessons I've learnt about 10 times over the past 10 years but always seem to forget each time :P

Aaron 2009-07-01 23:36:15

Answer 2

+1 A:

Have you attached Authorize attribute to ur action or controller?

public class HomeController : Controller {
    [Authorize]
    public ActionResult Index() {
         string userName = User.Identity.Name;
         return View();
    }
}

anonymous 2009-07-01 06:47:28

that attribute just means that the Method (it's attached to) requires a user to be authorised, before any logic will be ran. It has nothing to do with the the value of User.Identity.Name being blank.

Pure.Krome 2009-07-01 06:49:48

Thx heaps, please see my above comment Tomato. Just added this as you've suggested. Then I get an authentication web form appear on that page. So its made the user need to authenticate, but I want to do this seamlessly, i.e. everyone inside our corporate environment/lan can see every page on this web site, but I authenticate them openly, but I can grab their username. So can I just change the authentication method from forms to "integrated" basically but then allow access to everything? Thx again.

Aaron 2009-07-01 06:52:51

The authentication web form appears because the authentication mode in the MVC project is set to Forms authentication. You need to set the mode to Windows authentication in the web.config file. It will be much simpler to change instead of doing it in IIS.

anonymous 2009-07-01 07:09:27

Pure.Krome it is sad that you demean my answer in replace of ur incomplete answer that you have to edit few times to get it right. At least my answer gets the job done. By using the attribute, I force the user to be authenticated and thus the name will be available. So in what sense do i deserve to get a -1? I would have bothered to answer if i know i was gonna be bullied. Serves me right for trying to help.

anonymous 2009-07-01 07:17:47

No, I appreciate your help Tomato, please keep doing what you're doing. It gets a bit competitive on here I guess because of the points system. Your help was great and I learnt about the authorize tag also, which was a side benefit.

Aaron 2009-07-01 23:24:37

@TomatoGG: Your answer is incorrect. I still stand by mine, mate. Why? Please read the original question _carefully_. The original poster was asking WHY his variable that represents who is authenticated (textually) IsNullOrEmpty (ie. User.Identity.Name). Simple. He was not authenticated. Next, he then clarified his question by saying he wanted to _automatically_ be authenticated. As such, I then updated my answer to inform him he needed to use 'Windows Auth'. Meanwhile, your answer doesn't say that. It suggests that each action needs to force auth .. which still does FORMS auth. Not correct.

Pure.Krome 2009-07-02 00:16:14

@Pure.Krome my initial answer was correct in the context of the original question and he made the clarification only after I had answered. Your first answer was not even barely correct in the context of the original question and your final answer is also incorrect as well as you seem to indicate that setting Windows authentication alone will enforce authentication without authorization. So you should start giving urself -1 before you do it on others.

anonymous 2009-07-02 01:04:18

Answer 3

+2 A:

If you do not wish to Authorize on every controller or action, you can do a blanket authorization in the web.config file. This should work as long as you are using Windows authentication. If you allow ASP.NET to control the authentication, then you would not need to configure any IIS setting. It should then work well with whatever web server that you are running on. I do not know or assume what u have tried so far I'll try to be complete in my answer. First remark off the forms authentication tag in web.config. All following settings are placed in the system.web configuration section.

<!--
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>
-->

Replace with the Windows authentication tag.

<authentication mode="Windows" />

Then add the authorization tag to deny access to anonymous users. If the users are using Internet Explorer and are connecting from an Intranet zone, IE automatically will login the user. But if the user is connecting from the Internet zone, IE will still display a login box though for safety. But these are options that can be set from IE.

<authorization>
    <deny users="?" />
</authorization>

Setting authentication mode alone without authorization does not force the user to be authenticated in ASP.NET. If you want to control the security from IIS, I cannot help much with IIS settings but I know basically you can disable Basic Authentication , then enable Integrated Windows Authentication and then disable the Anonymous Login Account which will achieve the same or better results.

I am also working on an MVC project at the moment and I tested the above settings with my project and it works. You would not need the Authorize attribute since we have the authorization tag in the configuration. I hope this can be of help to you and not get another -1.

anonymous 2009-07-01 09:07:05

There we go :) An excellent answer, TomatoGG :) See! We all can get along nicely.

Pure.Krome 2009-07-02 00:17:34

ansaurus

tags:

views:

answers:

User.Identity.Name blank in ASP.Net MVC

UPDATE (as the posted has added more info/comments)

related questions