How do I get the currently loggedin Windows account from an ASP.NET page?

Question

I have an ASP.NET 3.5 application that uses ASP.NET forms authentication. I want to be able to get the Windows user name currently logged into the computer (NOT logged into the ASP.NET application, but into Windows) when data is edited in a page.

If I use Context.User.Identity.Name.Tostring(), I get the user name logged into the ASP.NET application, but I need the Windows account name.

System.Security.Principal.WindowsIdentity.GetCurrent().Name.Tostring()

Also, it only works when I run the website from Visual Studio, but after deploying to IIS it returns NT AUTHORITY\SYSTEM.

Answer 1

You have to set authentication mode to Windows in your configuration & also disable anonymous users in authorization tag.

Answer 2

To get the currently logged in user to a Windows account you have to use Windows authentication instead of Forms authentication:

System.Security.Principal.WindowsIdentity.GetCurrent().Name.Tostring() also only works when i run the website from visual studio but after deploying to IIS it returns NT AUTHORITY\SYSTEM

It shows the application current user. When you host your application on the Visual Studio web server it uses your local account. However, when you will log in to the web application with different credentials it will always show your current Windows login.

An application deployed to IIS uses the NT AUTHORITY\SYSTEM account in your case.

Answer 3

To get the currently logged-in user to Windows in C#, use:

string Username = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();

Answer 4

I struggled and struggled and struggled with this. One of the things is that I don't have access to IIS, that is locked down, so I couldn't change any of the server settings. I had to go with what I was capable of doing in code. When I researched it, many of the replies said, "set up IIS like this". . .well, that's great when you have access to IIS, but I didn't -- I had to work with what I could do in code. So, I ended up handling it like this:

In my web config file, I added the following lines of code within the section:

<system.webServer>
<security>
  <authentication>
    <anonymousAuthentication enabled="false" />
    <windowsAuthentication enabled="true" />
  </authentication>
</security>
</system.webServer>

Then, it returned an error on my local, which I had to go in and fix. I went to the applicationhost.config file located in the following path on my machine (yours might be different):

C:\users\"your user name"\My Documents\"yourIISInstallation"\config\applicationhost.config

and I changed the following settings to "allow", which had been set to "deny":

<section name="anonymousAuthentication" overrideModeDefault="Deny" />

changed to

<section name="anonymousAuthentication" overrideModeDefault="Allow" />

and

<section name="windowsAuthentication" overrideModeDefault="Deny" />

to

<section name="windowsAuthentication" overrideModeDefault="Allow" />

in the

<sectionGroup name="authentication">

section. Before I found out this fix, I was pulling my hair out over this. I hope this helps someone. As soon as I put in the above code into the webconfig file, it worked on the intranet, it just returned errors in my local, but as soon as I added the above to my local applicationhost.config file, it started working on my local as well. Then, I called the following variable to return the name of the logged in user on windows:

    HttpContext.Current.User.Identity.Name.ToString().Substring((HttpContext.Current.User.Identity.Name.ToString().IndexOf("\\")) + 1);

Cheers!

Answer 5

I use this:

System.Security.Principal.WindowsPrincipal user;
user = new WindowsPrincipal(this.Request.LogonUserIdentity);
this.Request.LogonUserIdentity.Impersonate();
user_name = user_name.Substring(user_name.LastIndexOf("\\") + 1);

Answer 6

string strName = HttpContext.Current.User.Identity.Name.ToString();

like you wanted it to do was correct, but you need to set up the webserver first, referring to How to Get Window NT Logged User Name Using ASP.NET (first steps setting up a web server).

Answer 7

Try with the below line of code:

string loggedOnUser = string.Empty;
 loggedOnUser = Request.ServerVariables.Get("AUTH_USER");

You may not be getting the values when you run the application from Visual Studio... Check it after deployed in IIS.

For getting the User name, use:

string userName = string.Empty;
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "Your Domain Name"))
{
    UserPrincipal user = new UserPrincipal(pc);
    user = UserPrincipal.FindByIdentity(pc, "User ID Will Come here");
    if (user != null)
    {
        userName = user.GivenName + " " + user.Surname;

    }
    else
    {
        //return string.Empty;
        userName = "User Not Found";
    }
}

Answer 8

I managed to resolve this issue by following the instructions on here in Method 1 at the following link - https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate In brief, Disable all Authentication methods except Windows Authentication. Open regedit under an admin account, locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0, right click the node and go New, and select Multi-String Value. Enter "BackConnectionHostNames" and click Enter. For Value enter the website you're trying to set access on and click OK. Restart IIS Once I'd done that I was able to get the current windows user using HttpContext.Current.User.Identity.Name, WindowsPrincipal(this.Request.LogonUserIdentity) also got me the Windows username logged in. For reference System.Environment.UserName and System.Security.Principal.WindowsIdentity.GetCurrent().Name, both of these still gave the IIS user.

This has taken me ages to get to the bottom of. Good luck with it. IIS is a waking nightmare!