ASP.NET Authentication Troubleshooting
https://stackoverflow.com/questions/1402568
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a fairly complex web app that was built (by a contractor) to use integrated authentication. As part of the authentication process, a GetNetworkID() function is used that looks like this:
private string GetNetworkID()
{
return HttpContext.Current.User.Identity.Name.Split(new char[] { '\\' })[1];
}
When I run this on my development box, the HttpContext.Current.User.Identity.Name value is
myNetwork\\myUserID, so the above funciton returns my User ID, as intended, and the authenticaiton process works just fine.
But when I run this on my web server, I get an Index was outside the bounds of the array error thrown by the return statement in the GetNetworkID() function.
I'm a bit lost on how to troubleshoot this and how to figure out if it's an IIS configuration issue (my web server is a Windows Server 2008 box running IIS 7), or something else.
If I hard-code my User ID as the return value for the GetNetworkID() function, it works on the web server, but I don't have any great ideas about how to debug on the web server to determine what the HttpContext.Current.User.Identity.Name return value is that's causing the array index error.
Any suggestions?
Solution
IIS runs as the IIS Service Account, so Current.User.Identity is likely going to be the name of the IIS Account.
For completeness sake, you should check for '\' either with a Find() or by calling split, and checking the length of the resultant array. If the length is 1, that means the id isn't in the form of domain\username.
In general, if you want to debug, you can write any value to the HTTP Response stream like so:
Response.Write(HttpContext.Current.User.Identity.Name)
Another method is to setup an ASP page variable, and set the page variable to the value you'd like to inspect. You can display the variable value either through ASP code, or through Javascript.
OTHER TIPS
You might be missing an IIS setting.
Try in IIS: Website (right click) | Properties | Directory Security (tab)
Click "Edit..."
Then select "Integrated Windows Authentication"
I think the user that logs into your web applciation on the other server, is not a valid login. And hence a result is not returned on User.Identity.Name.
Like you said, it works when you hardcoded the username. This means, the user creditials of the PC you are using to login is not permitted on your site. This therefore must be different to the credentials you are hardcoding.
Best bet is to debug on web server (it isn't hard - all you want to return is the User.Identity.Name and you can get the username and deduce logic from there), and verify the contents in your web.config file.
As Alan pointed out (and I upvoted him for it) you probably want to add a check on what form the User.Identity.Name takes. An updated routine could for example look like this:
private string GetNetworkID()
{
var name = HttpContext.Current.User.Identity.Name;
return name.InStr("\\") > -1 ? name.Split("\\")[1] : name;
}
This will return the second part of the login name if a \ is present, and the full string if not.
