How can c# service identify current user logon name on Terminal Services Server?

Question

How can c# service get the identity (logon name) of a terminal server user that calls it?

I wrote a c# service that listens for http request and return the current logon user. The request is initialized by a javascript that runs in the browser. That worked well so far, but it doesn't work on terminal server where there can be multiple users that are connected simultaneously. What I'm currently doing is query for the processId of "explorer" and then use "GetOwner" to get the user logon name.

Is there a way for the service to identify the user that generated the http request for it? Can I somehow get the http session and identify the user that owns it? I need to return as response the user identity.

Thanks, JJ

Answer 1

You'd need to get the port that the HTTP request is using on the client side, match that against the list of active outbound TCP connections on the machine and identify the process ID of the browser (e.g. via GetExtendedTcpTable). From there you could get the session ID of the process (e.g. by using Process.SessionId) and then look up the username associated with the session (e.g. by using WTSQuerySessionInformation or Cassia). Or you could call OpenProcess and GetSecurityInfo to get the user's SID from the process ID as this answer explains. This latter approach is probably better since there could be processes running as different users in a single session (e.g. using Run As).

That all seems like a real pain, though. Couldn't you just use Windows authentication in the browser?