How can an application, running on a production server, access the login username of the machine that a user is accessing an application from? For example, I am currently logged into my machine on the INTRA corporate intranet. My username will be INTRA\Username.

I have added specific usernames to a database and wish to check this intranet username against the database to restrict access to an application and leverage the username across the application.

Currently, I am using the following code to access the username:

 Private username As String = Thread.CurrentPrincipal.Identity.Name

This is working great on localhost, but when authenticating against the database on a development server, I'm getting the following error:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Is this an incorrect approach? Is this even possible, or is it too much of a security issue? This application will be an internal intranet application running in an IE shop. Relevant pieces of web.config that already exist include:

 <identity impersonate="true"/>
 <authentication mode="Windows"/>
 <authorization>
  <deny users="?"/>
 </authorization>

 <connectionStrings>
  <add name="CONNSTR" connectionString="Initial Catalog=DATANAME;Data Source=servername;Integrated Security=True;" providerName="System.Data.SqlClient"/>
 </connectionStrings>
+1  A: 

When setting up your web application on the server, you need to go into the Document Security section (the name of it changes depending on what version of IIS your server is running, but it's something like that), turn off anonymous authentication, and turn on Windows authentication. That tells the server to request Windows login authentication from the browser. (Perhaps someone who knows web.config files better than I [which is nearly anyone] can edit this to point to the relevant bit; I don't think it's impersonate but if I knew, I'd say. I've so far only done this via the UI.)

T.J. Crowder
Unfortunately, this did not change my error. It does seem reasonable, however, and probably would have given me trouble later on. Thank you
4501
A: 

In your example, you are locating the username that your webserver is running under. What you are after is the username of the user accessing the page.

Try something like this:

Colin Pickard
I have read this article through and do not see anything that I have not attempted that would solve this. Is there a specific portion that you are referring to?
4501
I was thinking it might be something like `<authentication mode="Windows"/><identity impersonate="true"/>`. But reading your updates, it looks like you are already doing this. Sorry I couldn't be more help :(
Colin Pickard
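
As an added example (not part of the original answers or comments): one way to take the name of the user making the request, rather than the account the web server runs under, and check it against a stored list before granting access. The names `Allowed`, `AccountName` and `IsAllowed` and the sample accounts are assumptions; the in-memory set stands in for the database table of permitted usernames, and `GenericIdentity` stands in for the identity ASP.NET attaches to a request.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

Module AllowListCheck
    ' Constructed sample standing in for the usernames stored in the database.
    Private ReadOnly Allowed As New HashSet(Of String)(
        New String() {"INTRA\Username", "INTRA\jdoe"}, StringComparer.OrdinalIgnoreCase)

    ' Returns the DOMAIN\user name to look up, or Nothing when the request
    ' carries no authenticated identity (e.g. anonymous access is still enabled).
    Function AccountName(ByVal id As IIdentity) As String
        If id Is Nothing OrElse Not id.IsAuthenticated Then Return Nothing
        Dim name As String = id.Name.Trim()
        ' Expect DOMAIN\user; reject names with no domain part.
        If name.IndexOf("\"c) <= 0 Then Return Nothing
        Return name
    End Function

    ' In a page this would be called as IsAllowed(HttpContext.Current.User.Identity).
    Function IsAllowed(ByVal id As IIdentity) As Boolean
        Dim name As String = AccountName(id)
        Return name IsNot Nothing AndAlso Allowed.Contains(name)
    End Function

    Sub Main()
        ' Constructed identities: two listed users, one unlisted, one anonymous.
        Dim samples As IIdentity() = {
            New GenericIdentity("INTRA\Username", "Negotiate"),
            New GenericIdentity("intra\JDOE", "Negotiate"),
            New GenericIdentity("INTRA\stranger", "Negotiate"),
            New GenericIdentity("")}
        For Each id As IIdentity In samples
            Console.WriteLine("{0,-18} authenticated={1,-5} allowed={2}",
                              "'" & id.Name & "'", id.IsAuthenticated, IsAllowed(id))
        Next
    End Sub
End Module
```

The check fails closed: an empty or unauthenticated identity is never looked up, so a request that reaches the page anonymously is denied rather than matched against the list.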
A: 

If setting the directory security to Windows Authentication is not working, change it to Basic Authentication. You'll also need to specify the domain name to authenticate against. This was the only way we could get the security to propagate through from the IIS layer to the DB. Unfortunately this causes the username and password to be sent through clear text. It's not the best solution, but since things were on the Intranet, it worked while we work on updating our login procedure.

Dillie-O
This solution has relevance, but is far from ideal. I'm simply looking to read the information from the logged-in machine. I do not wish the user to have to type in a username or password.
4501