Active Directory authentication

Question

I have a c# class which uses the WindowsIdentity namespace to return details of the current Active Directory user. This is accessible through a web part on SPS and sure enough returns the desired record values specific to that user.

I have a classic ASP application which I would like to have inherit this functionality. After wrapping it up as a COM and registering it to the server, I created a Classic ASP page from which to call and display the details to the browser window.

My problem is that when this page is accessed from an authenticated user on a client machine the only user details it displays is that of the local machine.

How do I therefore alter my code so I can display the details of the user accessing the page from a client machine?

Answer 1

Classic ASP takes us back. :-) Don't think I've touched it since 2002...

Anything wrong with just looking at Request.ServerVariables("logon_user") in the ASP page? That should give you the domain\username.

Rather than trying to run the COM-wrapped class under the identity of the end-user (which is the problem you're having), you could just pass the domain\username through to a class to retrieve the account details from AD and then display any needed items from there. That would do away with the need of impersonating to obtain the windows-identity of the current user.

Answer 2

Also check to see what authentication methods the site is running as in IIS.

Right click the website in IIS Manager, Properties --> Directory Security --> Authentication and access control --> Edit...

Make sure Integrated Windows authentication is checked, Enable anonymous access is cleared.