By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,874 Members | 1,028 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,874 IT Pros & Developers. It's quick & easy.

capturing username

P: n/a
I am trying to capture the Windows Authenticated username, but I want to be
able to capture the login name that exists in IIS, not Windows. In order to
enter my company's intranet through the internet, they have to login. I want
to be able to capture that login versus their Windows login because I need
to know who they are from any computer rather than only their computer. Any
ideas?

Thanks


Nov 18 '05 #1
Share this Question
Share on Google+
14 Replies


P: n/a
Brent,

If you check HttpContext.Current.User.Identity, it will be the identity of
the user who is authenticated to the Web application. Is that what you
need?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
From: "Brent Burkart" <Br***********@wvmb.com>
Subject: capturing username
Date: Wed, 31 Dec 2003 11:54:33 -0700
Lines: 12
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <e#**************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path: cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08
..phx.gbl!TK2MSFTNGP10.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199155
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I am trying to capture the Windows Authenticated username, but I want to be
able to capture the login name that exists in IIS, not Windows. In order to
enter my company's intranet through the internet, they have to login. I wantto be able to capture that login versus their Windows login because I need
to know who they are from any computer rather than only their computer. Anyideas?

Thanks



Nov 18 '05 #2

P: n/a
Brent Burkart wrote:
I am trying to capture the Windows Authenticated username, but I want
to be able to capture the login name that exists in IIS, not Windows.
In order to enter my company's intranet through the internet, they
have to login. I want to be able to capture that login versus their
Windows login because I need to know who they are from any computer
rather than only their computer. Any ideas?


Brent,
I would use System.Security.Principal.WindowsIdentity.GetCurre nt().Name

Watch out when using HttpContext.Current.User.Identity.Name. Depending
on the IIS / web.config file settings, User.Identity.Name will not give you the
correct result (for Windows authentication mode).

e.g.
On a Windows Server 2003 box where I'm logged in as Administrator:

- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""

- With Identity Impersonate= false and IIS Anonymous Access disabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""

- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"

--

Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Nov 18 '05 #3

P: n/a
Thanks Carl,

I have Identity Impersonate = True and IIS Anonymous Access enabled and I am
not sure what NTLM is.

I still get the username of the machine login rather than the intranet
login.

Any ideas?

"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
news:uI**************@TK2MSFTNGP11.phx.gbl...
Brent Burkart wrote:
I am trying to capture the Windows Authenticated username, but I want
to be able to capture the login name that exists in IIS, not Windows.
In order to enter my company's intranet through the internet, they
have to login. I want to be able to capture that login versus their
Windows login because I need to know who they are from any computer
rather than only their computer. Any ideas?

Brent,
I would use System.Security.Principal.WindowsIdentity.GetCurre nt().Name

Watch out when using HttpContext.Current.User.Identity.Name. Depending
on the IIS / web.config file settings, User.Identity.Name will not give

you the correct result (for Windows authentication mode).

e.g.
On a Windows Server 2003 box where I'm logged in as Administrator:

- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""

- With Identity Impersonate= false and IIS Anonymous Access disabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""

- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"

--

Thanks,
Carl Prothman
Microsoft ASP.NET MVP

Nov 18 '05 #4

P: n/a
Carl,

You are correct as long as we're relying on Windows Authentication or Basic
Authentication in IIS. (In other words, the authentication mode for the
application needs to be Windows.) I missed the "capture the Windows
Authenticated username" part of Brent's message initially due to
multi-tasking :). As long as the above is correct, WindowsIdentity will
return the correct user as long as impersonation is enabled.

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
From: "Carl Prothman [MVP]" <ca****@spamcop.net>
References: <e#**************@TK2MSFTNGP10.phx.gbl>
Subject: Re: capturing username
Date: Wed, 31 Dec 2003 12:41:12 -0800
Lines: 43
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.3790.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Message-ID: <uI**************@TK2MSFTNGP11.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: 131.107.3.92
Path: cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftng xa09.phx.gbl!TK2MSFTNGP08.
phx.gbl!TK2MSFTNGP11.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199179
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Brent Burkart wrote:
I am trying to capture the Windows Authenticated username, but I want
to be able to capture the login name that exists in IIS, not Windows.
In order to enter my company's intranet through the internet, they
have to login. I want to be able to capture that login versus their
Windows login because I need to know who they are from any computer
rather than only their computer. Any ideas?

Brent,
I would use System.Security.Principal.WindowsIdentity.GetCurre nt().Name

Watch out when using HttpContext.Current.User.Identity.Name. Depending
on the IIS / web.config file settings, User.Identity.Name will not give

you thecorrect result (for Windows authentication mode).

e.g.
On a Windows Server 2003 box where I'm logged in as Administrator:

- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""

- With Identity Impersonate= false and IIS Anonymous Access disabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""

- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"

--

Thanks,
Carl Prothman
Microsoft ASP.NET MVP


Nov 18 '05 #5

P: n/a
Brent Burkart wrote:
Brent Burkart wrote:
I am trying to capture the Windows Authenticated username, but I
want to be able to capture the login name that exists in IIS, not
Windows. In order to enter my company's intranet through the
internet, they have to login. I want to be able to capture that
login versus their Windows login because I need to know who they
are from any computer rather than only their computer. Any ideas?

I have Identity Impersonate = True and IIS Anonymous Access enabled
and I am not sure what NTLM is.
I still get the username of the machine login rather than the intranet
login.


Brent,
There can be only three possiable accounts you can get when using
Windows authentication mode with the default settings in machine.config:
1) MachineName\ASPNET (Windows XP - IIS 5.x)
or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
2) MachineName\ISUR_MachineName
3) DomainName\Username

Which one are you trying to get?

Here are the configurations in IIS and web.config which will result in obtaining
the above account: (note NTLM = Integrated Windows Authentication in IIS)

- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""

- With Identity Impersonate= false and IIS Anonymous Access disabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""

- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"

--

Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Nov 18 '05 #6

P: n/a
Jim Cheshire [MSFT] wrote:
You are correct as long as we're relying on Windows Authentication or
Basic Authentication in IIS. (In other words, the authentication
mode for the application needs to be Windows.) I missed the "capture
the Windows Authenticated username" part of Brent's message initially
due to multi-tasking :). As long as the above is correct,
WindowsIdentity will return the correct user as long as impersonation
is enabled.


Right. It was the "capture the login name that exists in IIS, not Windows"
comment that caught my eye. Hence my warning for User.Identity.Name
e.g.
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""
Note User.Identity.Name is blank.

I guess will find out exactly what Brent meant when he replys to my question in my last post... ;-)

--

Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Nov 18 '05 #7

P: n/a
Carl, thanks so much for your help.

I am trying to capture DomainName\Username. I don't care who logged into
the machine they are using. I only care who logged into the intranet site.
I have tried all of the combinations and I still can't seem to capture the
domainName\Username.

Thanks again
"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
news:uc**************@TK2MSFTNGP10.phx.gbl...
Brent Burkart wrote:
Brent Burkart wrote:
I am trying to capture the Windows Authenticated username, but I
want to be able to capture the login name that exists in IIS, not
Windows. In order to enter my company's intranet through the
internet, they have to login. I want to be able to capture that
login versus their Windows login because I need to know who they
are from any computer rather than only their computer. Any ideas?
I have Identity Impersonate = True and IIS Anonymous Access enabled
and I am not sure what NTLM is.
I still get the username of the machine login rather than the intranet
login.


Brent,
There can be only three possiable accounts you can get when using
Windows authentication mode with the default settings in machine.config:
1) MachineName\ASPNET (Windows XP - IIS 5.x)
or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
2) MachineName\ISUR_MachineName
3) DomainName\Username

Which one are you trying to get?

Here are the configurations in IIS and web.config which will result in

obtaining the above account: (note NTLM = Integrated Windows Authentication in IIS)
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""

- With Identity Impersonate= false and IIS Anonymous Access disabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""

- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM enabled => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"

--

Thanks,
Carl Prothman
Microsoft ASP.NET MVP


Nov 18 '05 #8

P: n/a
Brent,

If you're using Windows Integrated authentication, they will be one and the
same in almost all cases.

If you're using Basic authentication, the user will be forced to enter a
username and password, but again, in almost all cases, they will use their
domain UN/PW to access the site.

I'm curious as to exactly what you're doing here. Can you elaborate any?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>Subject: Re: capturing username
Date: Fri, 2 Jan 2004 13:42:15 -0700
Lines: 71
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path: cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08
..phx.gbl!TK2MSFTNGP10.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199428
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Carl, thanks so much for your help.

I am trying to capture DomainName\Username. I don't care who logged into
the machine they are using. I only care who logged into the intranet site.
I have tried all of the combinations and I still can't seem to capture the
domainName\Username.

Thanks again
"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
news:uc**************@TK2MSFTNGP10.phx.gbl...
Brent Burkart wrote:
>>> Brent Burkart wrote:
>>> I am trying to capture the Windows Authenticated username, but I
>>> want to be able to capture the login name that exists in IIS, not
>>> Windows. In order to enter my company's intranet through the
>>> internet, they have to login. I want to be able to capture that
>>> login versus their Windows login because I need to know who they
>>> are from any computer rather than only their computer. Any ideas?
>>>
> I have Identity Impersonate = True and IIS Anonymous Access enabled
> and I am not sure what NTLM is.
> I still get the username of the machine login rather than the intranet
> login.
>
Brent,
There can be only three possiable accounts you can get when using
Windows authentication mode with the default settings in machine.config:
1) MachineName\ASPNET (Windows XP - IIS 5.x)
or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
2) MachineName\ISUR_MachineName
3) DomainName\Username

Which one are you trying to get?

Here are the configurations in IIS and web.config which will result in

obtaining
the above account: (note NTLM = Integrated Windows Authentication in

IIS)

- With Identity Impersonate= false and IIS Anonymous Access enabled /

NTLMenabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""

- With Identity Impersonate= false and IIS Anonymous Access disabled /NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM

enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""

- With Identity Impersonate= true and IIS Anonymous Access disabled /

NTLMenabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"

--

Thanks,
Carl Prothman
Microsoft ASP.NET MVP



Nov 18 '05 #9

P: n/a
Thanks for replying.

We currently have a company intranet. To access this intranet, they must
login no matter what machine they are using. I am adding an application to
the intranet where it is neccessary that I know who is using it and instead
of managing usernames and passwords in a database, I will enter the user
automatically into my database the first time they use the application and I
will track their info based on their username.

Does that clarify?

Thanks for your help.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:mF**************@cpmsftngxa07.phx.gbl...
Brent,

If you're using Windows Integrated authentication, they will be one and the same in almost all cases.

If you're using Basic authentication, the user will be forced to enter a
username and password, but again, in almost all cases, they will use their
domain UN/PW to access the site.

I'm curious as to exactly what you're doing here. Can you elaborate any?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
Subject: Re: capturing username
Date: Fri, 2 Jan 2004 13:42:15 -0700
Lines: 71
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08 phx.gbl!TK2MSFTNGP10.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199428X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Carl, thanks so much for your help.

I am trying to capture DomainName\Username. I don't care who logged into
the machine they are using. I only care who logged into the intranet site.I have tried all of the combinations and I still can't seem to capture thedomainName\Username.

Thanks again
"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
news:uc**************@TK2MSFTNGP10.phx.gbl...
Brent Burkart wrote:
>>> Brent Burkart wrote:
>>> I am trying to capture the Windows Authenticated username, but I
>>> want to be able to capture the login name that exists in IIS, not
>>> Windows. In order to enter my company's intranet through the
>>> internet, they have to login. I want to be able to capture that
>>> login versus their Windows login because I need to know who they
>>> are from any computer rather than only their computer. Any ideas?
>>>
> I have Identity Impersonate = True and IIS Anonymous Access enabled
> and I am not sure what NTLM is.
> I still get the username of the machine login rather than the intranet > login.
>

Brent,
There can be only three possiable accounts you can get when using
Windows authentication mode with the default settings in machine.config: 1) MachineName\ASPNET (Windows XP - IIS 5.x)
or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
2) MachineName\ISUR_MachineName
3) DomainName\Username

Which one are you trying to get?

Here are the configurations in IIS and web.config which will result in

obtaining
the above account: (note NTLM = Integrated Windows Authentication in

IIS)

- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM
enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE" => User.Identity.Name = ""

- With Identity Impersonate= false and IIS Anonymous Access disabled /

NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE" => User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled /

NTLMenabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""

- With Identity Impersonate= true and IIS Anonymous Access disabled /

NTLM
enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"

--

Thanks,
Carl Prothman
Microsoft ASP.NET MVP


Nov 18 '05 #10

P: n/a
Brent,

You say "to access this intranet, they must login." How do you implement
that? What kind of authentication on the Web site in IIS?

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Fri, 2 Jan 2004 17:11:04 -0700
Lines: 141
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path: cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08
..phx.gbl!TK2MSFTNGP12.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199454
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Thanks for replying.

We currently have a company intranet. To access this intranet, they must
login no matter what machine they are using. I am adding an application to
the intranet where it is neccessary that I know who is using it and instead
of managing usernames and passwords in a database, I will enter the user
automatically into my database the first time they use the application and Iwill track their info based on their username.

Does that clarify?

Thanks for your help.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:mF**************@cpmsftngxa07.phx.gbl...
Brent,

If you're using Windows Integrated authentication, they will be one and

the
same in almost all cases.

If you're using Basic authentication, the user will be forced to enter a
username and password, but again, in almost all cases, they will use their
domain UN/PW to access the site.

I'm curious as to exactly what you're doing here. Can you elaborate any?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl>

<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
>Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 13:42:15 -0700
>Lines: 71
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
>Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0

8
phx.gbl!TK2MSFTNGP10.phx.gbl
>Xref: cpmsftngxa07.phx.gbl

microsoft.public.dotnet.framework.aspnet:199428 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Carl, thanks so much for your help.
>
>I am trying to capture DomainName\Username. I don't care who logged into >the machine they are using. I only care who logged into the intranetsite. >I have tried all of the combinations and I still can't seem to capturethe >domainName\Username.
>
>Thanks again
>"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
>news:uc**************@TK2MSFTNGP10.phx.gbl...
>> Brent Burkart wrote:
>> >>> Brent Burkart wrote:
>> >>> I am trying to capture the Windows Authenticated username, but I
>> >>> want to be able to capture the login name that exists in IIS, not
>> >>> Windows. In order to enter my company's intranet through the
>> >>> internet, they have to login. I want to be able to capture that
>> >>> login versus their Windows login because I need to know who they
>> >>> are from any computer rather than only their computer. Any ideas?
>> >>>
>> > I have Identity Impersonate = True and IIS Anonymous Access enabled
>> > and I am not sure what NTLM is.
>> > I still get the username of the machine login rather than theintranet >> > login.
>> >
>>
>> Brent,
>> There can be only three possiable accounts you can get when using
>> Windows authentication mode with the default settings inmachine.config: >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
>> 2) MachineName\ISUR_MachineName
>> 3) DomainName\Username
>>
>> Which one are you trying to get?
>>
>> Here are the configurations in IIS and web.config which will result in
>obtaining
>> the above account: (note NTLM = Integrated Windows Authentication in
>IIS)
>>
>> - With Identity Impersonate= false and IIS Anonymous Access enabled /

NTLM
>enabled
>> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORKSERVICE" >> => User.Identity.Name = ""
>>
>> - With Identity Impersonate= false and IIS Anonymous Access disabled /
>NTLM enabled
>> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORKSERVICE" >> => User.Identity.Name = "CARL20\Administrator"
>>
>>
>> - With Identity Impersonate= true and IIS Anonymous Access enabled /NTLM >enabled
>> => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
>> => User.Identity.Name = ""
>>
>> - With Identity Impersonate= true and IIS Anonymous Access disabled /

NTLM
>enabled
>> => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
>> => User.Identity.Name = "CARL20\Administrator"
>>
>> --
>>
>> Thanks,
>> Carl Prothman
>> Microsoft ASP.NET MVP
>>
>>
>
>
>
>



Nov 18 '05 #11

P: n/a
Well, I didn't implement it, but I was assuming that IIS simply pops up a
login when someone hits the intranet. IIS is using "Basic Authentication".

Am I answering what you are asking?

Thanks for your help
Brent
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:53**************@cpmsftngxa07.phx.gbl...
Brent,

You say "to access this intranet, they must login." How do you implement
that? What kind of authentication on the Web site in IIS?

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
Subject: Re: capturing username
Date: Fri, 2 Jan 2004 17:11:04 -0700
Lines: 141
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08 phx.gbl!TK2MSFTNGP12.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199454
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Thanks for replying.

We currently have a company intranet. To access this intranet, they must
login no matter what machine they are using. I am adding an application tothe intranet where it is neccessary that I know who is using it and insteadof managing usernames and passwords in a database, I will enter the user
automatically into my database the first time they use the application
and I
will track their info based on their username.

Does that clarify?

Thanks for your help.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:mF**************@cpmsftngxa07.phx.gbl...
Brent,

If you're using Windows Integrated authentication, they will be one and

the
same in almost all cases.

If you're using Basic authentication, the user will be forced to enter a username and password, but again, in almost all cases, they will use

their domain UN/PW to access the site.

I'm curious as to exactly what you're doing here. Can you elaborate any?
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
>Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 13:42:15 -0700
>Lines: 71
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
>Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0
8 phx.gbl!TK2MSFTNGP10.phx.gbl
>Xref: cpmsftngxa07.phx.gbl

microsoft.public.dotnet.framework.aspnet:199428
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Carl, thanks so much for your help.
>
>I am trying to capture DomainName\Username. I don't care who logged into >the machine they are using. I only care who logged into the intranet

site.
>I have tried all of the combinations and I still can't seem to capture

the
>domainName\Username.
>
>Thanks again
>"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
>news:uc**************@TK2MSFTNGP10.phx.gbl...
>> Brent Burkart wrote:
>> >>> Brent Burkart wrote:
>> >>> I am trying to capture the Windows Authenticated username, but I
>> >>> want to be able to capture the login name that exists in IIS, not >> >>> Windows. In order to enter my company's intranet through the
>> >>> internet, they have to login. I want to be able to capture that
>> >>> login versus their Windows login because I need to know who they
>> >>> are from any computer rather than only their computer. Any ideas? >> >>>
>> > I have Identity Impersonate = True and IIS Anonymous Access enabled >> > and I am not sure what NTLM is.
>> > I still get the username of the machine login rather than the

intranet
>> > login.
>> >
>>
>> Brent,
>> There can be only three possiable accounts you can get when using
>> Windows authentication mode with the default settings in

machine.config:
>> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
>> 2) MachineName\ISUR_MachineName
>> 3) DomainName\Username
>>
>> Which one are you trying to get?
>>
>> Here are the configurations in IIS and web.config which will result in >obtaining
>> the above account: (note NTLM = Integrated Windows Authentication in >IIS)
>>
>> - With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM
>enabled
>> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK

SERVICE"
>> => User.Identity.Name = ""
>>
>> - With Identity Impersonate= false and IIS Anonymous Access disabled / >NTLM enabled
>> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK

SERVICE"
>> => User.Identity.Name = "CARL20\Administrator"
>>
>>
>> - With Identity Impersonate= true and IIS Anonymous Access enabled /

NTLM
>enabled
>> => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
>> => User.Identity.Name = ""
>>
>> - With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM
>enabled
>> => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
>> => User.Identity.Name = "CARL20\Administrator"
>>
>> --
>>
>> Thanks,
>> Carl Prothman
>> Microsoft ASP.NET MVP
>>
>>
>
>
>
>


Nov 18 '05 #12

P: n/a
Hi Brent,

As long as the following conditions are met, the username that you get from
WindowsIdentity.GetCurrent().Name will be the user who logs into the Web
site, not the username that was used when you logged into Windows:

1. Anonymous authentication is NOT enabled in IIS.
2. Basic is enabled in IIS.
3. Windows Integrated authentication is NOT enabled in IIS.
4. You have either turned on non-user specific impersonation in the
web.config or machine.config. (i.e. <identity impersonate = "true" />).

Given all of those, you will get the username that was entered into the
challenge box that the browser presented.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
<#0**************@TK2MSFTNGP12.phx.gbl>
<53**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Mon, 5 Jan 2004 08:52:02 -0700
Lines: 210
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <ej*************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path: cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTN GP08.phx.gbl!TK2MSFTNGP10.
phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199736
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Well, I didn't implement it, but I was assuming that IIS simply pops up a
login when someone hits the intranet. IIS is using "Basic Authentication".

Am I answering what you are asking?

Thanks for your help
Brent
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:53**************@cpmsftngxa07.phx.gbl...
Brent,

You say "to access this intranet, they must login." How do you implement
that? What kind of authentication on the Web site in IIS?

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
>Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 17:11:04 -0700
>Lines: 141
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
>Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0

8
phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa07.phx.gblmicrosoft.public.dotnet.framework.aspnet:199454 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Thanks for replying.
>
>We currently have a company intranet. To access this intranet, they must >login no matter what machine they are using. I am adding an applicationto >the intranet where it is neccessary that I know who is using it andinstead >of managing usernames and passwords in a database, I will enter the user >automatically into my database the first time they use the applicationand
I
>will track their info based on their username.
>
>Does that clarify?
>
>Thanks for your help.
>"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
>news:mF**************@cpmsftngxa07.phx.gbl...
>> Brent,
>>
>> If you're using Windows Integrated authentication, they will be one and >the
>> same in almost all cases.
>>
>> If you're using Basic authentication, the user will be forced to entera >> username and password, but again, in almost all cases, they will use

their
>> domain UN/PW to access the site.
>>
>> I'm curious as to exactly what you're doing here. Can you elaborateany? >>
>> Jim Cheshire, MCSE, MCSD [MSFT]
>> Microsoft Developer Support
>> ASP.NET
>> ja******@online.microsoft.com
>>
>> This post is provided as-is with no warranties and confers no rights.
>>
>> --------------------
>> >From: "Brent Burkart" <Br***********@wvmb.com>
>> >References: <e#**************@TK2MSFTNGP10.phx.gbl>
>> <uI**************@TK2MSFTNGP11.phx.gbl>
>> <eB*************@TK2MSFTNGP11.phx.gbl>
>> <uc**************@TK2MSFTNGP10.phx.gbl>
>> >Subject: Re: capturing username
>> >Date: Fri, 2 Jan 2004 13:42:15 -0700
>> >Lines: 71
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet
>> >NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
>> >Path:
>>


cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSF TNGXA05.phx.gbl!TK2MSFTNGP 0 8
>> phx.gbl!TK2MSFTNGP10.phx.gbl
>> >Xref: cpmsftngxa07.phx.gbl
>microsoft.public.dotnet.framework.aspnet:199428
>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>> >
>> >Carl, thanks so much for your help.
>> >
>> >I am trying to capture DomainName\Username. I don't care who logged

into
>> >the machine they are using. I only care who logged into the intranet
>site.
>> >I have tried all of the combinations and I still can't seem to capture >the
>> >domainName\Username.
>> >
>> >Thanks again
>> >"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
>> >news:uc**************@TK2MSFTNGP10.phx.gbl...
>> >> Brent Burkart wrote:
>> >> >>> Brent Burkart wrote:
>> >> >>> I am trying to capture the Windows Authenticated username, but I >> >> >>> want to be able to capture the login name that exists in IIS,

not >> >> >>> Windows. In order to enter my company's intranet through the
>> >> >>> internet, they have to login. I want to be able to capture that
>> >> >>> login versus their Windows login because I need to know who they >> >> >>> are from any computer rather than only their computer. Anyideas? >> >> >>>
>> >> > I have Identity Impersonate = True and IIS Anonymous Accessenabled >> >> > and I am not sure what NTLM is.
>> >> > I still get the username of the machine login rather than the
>intranet
>> >> > login.
>> >> >
>> >>
>> >> Brent,
>> >> There can be only three possiable accounts you can get when using
>> >> Windows authentication mode with the default settings in
>machine.config:
>> >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> >> or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
>> >> 2) MachineName\ISUR_MachineName
>> >> 3) DomainName\Username
>> >>
>> >> Which one are you trying to get?
>> >>
>> >> Here are the configurations in IIS and web.config which will resultin >> >obtaining
>> >> the above account: (note NTLM = Integrated Windows Authenticationin >> >IIS)
>> >>
>> >> - With Identity Impersonate= false and IIS Anonymous Access enabled/ >> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK
>SERVICE"
>> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= false and IIS Anonymous Access disabled/
>> >NTLM enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK
>SERVICE"
>> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >>
>> >> - With Identity Impersonate= true and IIS Anonymous Access enabled
/ >NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
>> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= true and IIS Anonymous Access disabled

/ >> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
>> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >> --
>> >>
>> >> Thanks,
>> >> Carl Prothman
>> >> Microsoft ASP.NET MVP
>> >>
>> >>
>> >
>> >
>> >
>> >
>>
>
>
>



Nov 18 '05 #13

P: n/a
Hi Jim, Brent

I'm following this discussion a while and have question.

I have implemented all these steps and work fine, but I
also want to trace the original login which the user used
to login at his own domain.

I have tried to use scripting to get this username
userdomain and machine name (the one you see when typing
SET in dos-box).

I used the following code, but it does not work
(errormessage unabled to create activeX object WScript.Shell)



Could you help me on this, or are there other ways to find
this information?



Best regards and thanks in advance!



Gert Jan

<script language="vbscript">
Set Shell = CreateObject("WScript.Shell")
CompName = Shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Document.writeln(CompName)
MsgBox(CompName)
</script>






=====


-----Original Message-----
Hi Brent,

As long as the following conditions are met, the username that you get from WindowsIdentity.GetCurrent().Name will be the user who logs into the Web site, not the username that was used when you logged into Windows:
1. Anonymous authentication is NOT enabled in IIS.
2. Basic is enabled in IIS.
3. Windows Integrated authentication is NOT enabled in IIS.
4. You have either turned on non-user specific impersonation in the web.config or machine.config. (i.e. <identity impersonate = "true" />).
Given all of those, you will get the username that was entered into the challenge box that the browser presented.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
<#0**************@TK2MSFTNGP12.phx.gbl>
<53**************@cpmsftngxa07.phx.gbl>
Subject: Re: capturing username
Date: Mon, 5 Jan 2004 08:52:02 -0700
Lines: 210
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <ej*************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:

cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFT NGP08.phx.gbl!TK2MSFTNGP10.
phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199736
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Well, I didn't implement it, but I was assuming that IIS simply pops up alogin when someone hits the intranet. IIS is using "Basic Authentication".
Am I answering what you are asking?

Thanks for your help
Brent
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in messagenews:53**************@cpmsftngxa07.phx.gbl...
Brent,

You say "to access this intranet, they must login." How do you implement that? What kind of authentication on the Web site in IIS?

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
>From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
>Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 17:11:04 -0700
>Lines: 141
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30 >Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSF TNGXA05.phx.gbl!TK2MSFTNGP0

8 phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa07.phx.gbl

microsoft.public.dotnet.framework.aspnet:19945 4
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Thanks for replying.
>
>We currently have a company intranet. To access this intranet, they must
>login no matter what machine they are using. I am
adding an application
to
>the intranet where it is neccessary that I know who is
using it andinstead
>of managing usernames and passwords in a database, I
will enter the
user >automatically into my database the first time they use
the applicationand
I
>will track their info based on their username.
>
>Does that clarify?
>
>Thanks for your help.
>"Jim Cheshire [MSFT]" <ja******@online.microsoft.com>
wrote in message >news:mF**************@cpmsftngxa07.phx.gbl...
>> Brent,
>>
>> If you're using Windows Integrated authentication, they will be one
and >the
>> same in almost all cases.
>>
>> If you're using Basic authentication, the user will
be forced to entera
>> username and password, but again, in almost all
cases, they will use their
>> domain UN/PW to access the site.
>>
>> I'm curious as to exactly what you're doing here. Can you elaborateany?
>>
>> Jim Cheshire, MCSE, MCSD [MSFT]
>> Microsoft Developer Support
>> ASP.NET
>> ja******@online.microsoft.com
>>
>> This post is provided as-is with no warranties and
confers no rights. >>
>> --------------------
>> >From: "Brent Burkart" <Br***********@wvmb.com>
>> >References: <e#**************@TK2MSFTNGP10.phx.gbl>
>> <uI**************@TK2MSFTNGP11.phx.gbl>
>> <eB*************@TK2MSFTNGP11.phx.gbl>
>> <uc**************@TK2MSFTNGP10.phx.gbl>
>> >Subject: Re: capturing username
>> >Date: Fri, 2 Jan 2004 13:42:15 -0700
>> >Lines: 71
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >> >Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet
>> >NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30 >> >Path:
>>

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MS FTNGXA05.phx.gbl!TK2MSFTNGP
0 8
>> phx.gbl!TK2MSFTNGP10.phx.gbl
>> >Xref: cpmsftngxa07.phx.gbl
>microsoft.public.dotnet.framework.aspnet:199428
>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>> >
>> >Carl, thanks so much for your help.
>> >
>> >I am trying to capture DomainName\Username. I don't care who logged into
>> >the machine they are using. I only care who logged into the intranet >site.
>> >I have tried all of the combinations and I still can't seem to capture
>the
>> >domainName\Username.
>> >
>> >Thanks again
>> >"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in
message >> >news:uc**************@TK2MSFTNGP10.phx.gbl...
>> >> Brent Burkart wrote:
>> >> >>> Brent Burkart wrote:
>> >> >>> I am trying to capture the Windows Authenticated username, but
I >> >> >>> want to be able to capture the login name
that exists in IIS,not
>> >> >>> Windows. In order to enter my company's
intranet through the >> >> >>> internet, they have to login. I want to be able to capture that >> >> >>> login versus their Windows login because I need to know who
they >> >> >>> are from any computer rather than only their
computer. Anyideas?
>> >> >>>
>> >> > I have Identity Impersonate = True and IIS
Anonymous Accessenabled
>> >> > and I am not sure what NTLM is.
>> >> > I still get the username of the machine login
rather than the >intranet
>> >> > login.
>> >> >
>> >>
>> >> Brent,
>> >> There can be only three possiable accounts you can get when using >> >> Windows authentication mode with the default settings in >machine.config:
>> >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> >> or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0) >> >> 2) MachineName\ISUR_MachineName
>> >> 3) DomainName\Username
>> >>
>> >> Which one are you trying to get?
>> >>
>> >> Here are the configurations in IIS and web.config which will resultin
>> >obtaining
>> >> the above account: (note NTLM = Integrated
Windows Authenticationin
>> >IIS)
>> >>
>> >> - With Identity Impersonate= false and IIS
Anonymous Access enabled/
>> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT
AUTHORITY\NETWORK >SERVICE"
>> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= false and IIS Anonymous Access
disabled
/
>> >NTLM enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT
AUTHORITY\NETWORK >SERVICE"
>> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >>
>> >> - With Identity Impersonate= true and IIS Anonymous Access enabled / >NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name =

"CARL20\IUSR_CARL20" >> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= true and IIS Anonymous Access disabled/
>> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name =

"CARL20\Administrator" >> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >> --
>> >>
>> >> Thanks,
>> >> Carl Prothman
>> >> Microsoft ASP.NET MVP
>> >>
>> >>
>> >
>> >
>> >
>> >
>>
>
>
>



.

Nov 18 '05 #14

P: n/a
Gert,

I'm not sure how you can do that. You've authenticated the user already as
someone else to the Web application because of Basic authentication.
Perhaps someone else here will have other ideas.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "GertJan" <Ge*******@yahoo.com>
Sender: "GertJan" <Ge*******@yahoo.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
<#0**************@TK2MSFTNGP12.phx.gbl>
<53**************@cpmsftngxa07.phx.gbl>
<ej*************@TK2MSFTNGP10.phx.gbl>
<Lx**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Tue, 13 Jan 2004 02:30:42 -0800
Lines: 372
Message-ID: <09****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPZwEuPyXEvMlJ6QreMe3vVQ0vshA==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:201702
NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Hi Jim, Brent
I'm following this discussion a while and have question.
I have implemented all these steps and work fine, but I
also want to trace the original login which the user used
to login at his own domain.
I have tried to use scripting to get this username
userdomain and machine name (the one you see when typing
SET in dos-box).
I used the following code, but it does not work
(errormessage unabled to create activeX object WScript.Shell)

Could you help me on this, or are there other ways to find
this information?

Best regards and thanks in advance!

Gert Jan
<script language="vbscript">
Set Shell = CreateObject("WScript.Shell")
CompName = Shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Document.writeln(CompName)
MsgBox(CompName)
</script>

=====
-----Original Message-----
Hi Brent,

As long as the following conditions are met, the username

that you get from
WindowsIdentity.GetCurrent().Name will be the user who

logs into the Web
site, not the username that was used when you logged into

Windows:

1. Anonymous authentication is NOT enabled in IIS.
2. Basic is enabled in IIS.
3. Windows Integrated authentication is NOT enabled in IIS.
4. You have either turned on non-user specific

impersonation in the
web.config or machine.config. (i.e. <identity impersonate

= "true" />).

Given all of those, you will get the username that was

entered into the
challenge box that the browser presented.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers

no rights.

--------------------
From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl>

<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
<#0**************@TK2MSFTNGP12.phx.gbl>
<53**************@cpmsftngxa07.phx.gbl>
Subject: Re: capturing username
Date: Mon, 5 Jan 2004 08:52:02 -0700
Lines: 210
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <ej*************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:

cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSF TNGP08.phx.gbl!TK2MSFTNGP1 0.
phx.gbl
Xref: cpmsftngxa07.phx.gblmicrosoft.public.dotnet.framework.aspnet:199736X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Well, I didn't implement it, but I was assuming that IISsimply pops up alogin when someone hits the intranet. IIS is using"Basic Authentication".
Am I answering what you are asking?

Thanks for your help
Brent
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com>wrote in messagenews:53**************@cpmsftngxa07.phx.gbl...
Brent,

You say "to access this intranet, they must login."How do you implement that? What kind of authentication on the Web site in IIS?

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties andconfers no rights.
--------------------
>From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
>Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 17:11:04 -0700
>Lines: 141
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com64.146.67.30 >Path:

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MS FTNGXA05.phx.gbl!TK2MSFTNG
P08
phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet:1994 54
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Thanks for replying.
>
>We currently have a company intranet. To access thisintranet, they
must
>login no matter what machine they are using. I am

adding an applicationto
>the intranet where it is neccessary that I know who isusing it andinstead
>of managing usernames and passwords in a database, Iwill enter the
user
>automatically into my database the first time they use

the applicationand
I
>will track their info based on their username.
>
>Does that clarify?
>
>Thanks for your help.
>"Jim Cheshire [MSFT]" <ja******@online.microsoft.com>wrote in message >news:mF**************@cpmsftngxa07.phx.gbl...
>> Brent,
>>
>> If you're using Windows Integrated authentication,they will be one
and
>the
>> same in almost all cases.
>>
>> If you're using Basic authentication, the user will

be forced to entera
>> username and password, but again, in almost allcases, they will use their
>> domain UN/PW to access the site.
>>
>> I'm curious as to exactly what you're doing here.Can you elaborateany?
>>
>> Jim Cheshire, MCSE, MCSD [MSFT]
>> Microsoft Developer Support
>> ASP.NET
>> ja******@online.microsoft.com
>>
>> This post is provided as-is with no warranties andconfers no rights. >>
>> --------------------
>> >From: "Brent Burkart" <Br***********@wvmb.com>
>> >References: <e#**************@TK2MSFTNGP10.phx.gbl>
>> <uI**************@TK2MSFTNGP11.phx.gbl>
>> <eB*************@TK2MSFTNGP11.phx.gbl>
>> <uc**************@TK2MSFTNGP10.phx.gbl>
>> >Subject: Re: capturing username
>> >Date: Fri, 2 Jan 2004 13:42:15 -0700
>> >Lines: 71
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLEV6.00.2800.1165 >> >Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet
>> >NNTP-Posting-Host: te-64-146-67-30.transedge.com64.146.67.30 >> >Path:
>>

cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2M SFTNGXA05.phx.gbl!TK2MSFTN
GP0
8
>> phx.gbl!TK2MSFTNGP10.phx.gbl
>> >Xref: cpmsftngxa07.phx.gbl
>microsoft.public.dotnet.framework.aspnet:199428
>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>> >
>> >Carl, thanks so much for your help.
>> >
>> >I am trying to capture DomainName\Username. I

don't care who logged into
>> >the machine they are using. I only care who loggedinto the intranet >site.
>> >I have tried all of the combinations and I stillcan't seem to
capture
>the
>> >domainName\Username.
>> >
>> >Thanks again
>> >"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in

message >> >news:uc**************@TK2MSFTNGP10.phx.gbl...
>> >> Brent Burkart wrote:
>> >> >>> Brent Burkart wrote:
>> >> >>> I am trying to capture the WindowsAuthenticated username, but
I
>> >> >>> want to be able to capture the login name

that exists in IIS,not
>> >> >>> Windows. In order to enter my company'sintranet through the >> >> >>> internet, they have to login. I want to beable to capture that >> >> >>> login versus their Windows login because Ineed to know who
they
>> >> >>> are from any computer rather than only their

computer. Anyideas?
>> >> >>>
>> >> > I have Identity Impersonate = True and IISAnonymous Accessenabled
>> >> > and I am not sure what NTLM is.
>> >> > I still get the username of the machine loginrather than the >intranet
>> >> > login.
>> >> >
>> >>
>> >> Brent,
>> >> There can be only three possiable accounts youcan get when using >> >> Windows authentication mode with the defaultsettings in >machine.config:
>> >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> >> or NT AUTHORITY\NETWORK SERVICE (WindowsServer 2003 - IIS 6.0) >> >> 2) MachineName\ISUR_MachineName
>> >> 3) DomainName\Username
>> >>
>> >> Which one are you trying to get?
>> >>
>> >> Here are the configurations in IIS and web.configwhich will resultin
>> >obtaining
>> >> the above account: (note NTLM = IntegratedWindows Authenticationin
>> >IIS)
>> >>
>> >> - With Identity Impersonate= false and IISAnonymous Access enabled/
>> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NTAUTHORITY\NETWORK >SERVICE"
>> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= false and IISAnonymous Access
disabled
/
>> >NTLM enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT

AUTHORITY\NETWORK >SERVICE"
>> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >>
>> >> - With Identity Impersonate= true and IISAnonymous Access enabled
/
>NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name =

"CARL20\IUSR_CARL20" >> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= true and IISAnonymous Access disabled/
>> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name ="CARL20\Administrator" >> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >> --
>> >>
>> >> Thanks,
>> >> Carl Prothman
>> >> Microsoft ASP.NET MVP
>> >>
>> >>
>> >
>> >
>> >
>> >
>>
>
>
>


.


Nov 18 '05 #15

This discussion thread is closed

Replies have been disabled for this discussion.