I am trying to capture the Windows Authenticated username, but I want to be
able to capture the login name that exists in IIS, not Windows. In order to
enter my company's intranet through the internet, they have to login. I want
to be able to capture that login versus their Windows login because I need
to know who they are from any computer rather than only their computer. Any
ideas?
Thanks
14  2497 
Brent,
If you check HttpContext.Current.User.Identity, it will be the identity of
the user who is authenticated to the Web application. Is that what you
need?
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Brent Burkart" <Br***********@wvmb.com>
Subject: capturing username
Date: Wed, 31 Dec 2003 11:54:33 -0700
Lines: 12
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <e#**************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08
..phx.gbl!TK2MSFTNGP10.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199155
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
I am trying to capture the Windows Authenticated username, but I want to be
able to capture the login name that exists in IIS, not Windows. In order to
enter my company's intranet through the internet, they have to login. I
wantto be able to capture that login versus their Windows login because I need
to know who they are from any computer rather than only their computer.
Anyideas?
Thanks
Brent Burkart wrote: I am trying to capture the Windows Authenticated username, but I want
to be able to capture the login name that exists in IIS, not Windows.
In order to enter my company's intranet through the internet, they
have to login. I want to be able to capture that login versus their
Windows login because I need to know who they are from any computer
rather than only their computer. Any ideas?
Brent,
I would use System.Security.Principal.WindowsIdentity.GetCurre nt().Name
Watch out when using HttpContext.Current.User.Identity.Name. Depending
on the IIS / web.config file settings, User.Identity.Name will not give you the
correct result (for Windows authentication mode).
e.g.
On a Windows Server 2003 box where I'm logged in as Administrator:
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""
- With Identity Impersonate= false and IIS Anonymous Access disabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""
- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"
--
Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Thanks Carl,
I have Identity Impersonate = True and IIS Anonymous Access enabled and I am
not sure what NTLM is.
I still get the username of the machine login rather than the intranet
login.
Any ideas?
"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
news:uI**************@TK2MSFTNGP11.phx.gbl... Brent Burkart wrote: I am trying to capture the Windows Authenticated username, but I want
to be able to capture the login name that exists in IIS, not Windows.
In order to enter my company's intranet through the internet, they
have to login. I want to be able to capture that login versus their
Windows login because I need to know who they are from any computer
rather than only their computer. Any ideas?
Brent,
I would use System.Security.Principal.WindowsIdentity.GetCurre nt().Name
Watch out when using HttpContext.Current.User.Identity.Name. Depending
on the IIS / web.config file settings, User.Identity.Name will not give
you the correct result (for Windows authentication mode).
e.g.
On a Windows Server 2003 box where I'm logged in as Administrator:
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""
- With Identity Impersonate= false and IIS Anonymous Access disabled /
NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""
- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"
--
Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Carl,
You are correct as long as we're relying on Windows Authentication or Basic
Authentication in IIS. (In other words, the authentication mode for the
application needs to be Windows.) I missed the "capture the Windows
Authenticated username" part of Brent's message initially due to
multi-tasking :). As long as the above is correct, WindowsIdentity will
return the correct user as long as impersonation is enabled.
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Carl Prothman [MVP]" <ca****@spamcop.net>
References: <e#**************@TK2MSFTNGP10.phx.gbl>
Subject: Re: capturing username
Date: Wed, 31 Dec 2003 12:41:12 -0800
Lines: 43
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.3790.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Message-ID: <uI**************@TK2MSFTNGP11.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: 131.107.3.92
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftng xa09.phx.gbl!TK2MSFTNGP08.
phx.gbl!TK2MSFTNGP11.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199179
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Brent Burkart wrote: I am trying to capture the Windows Authenticated username, but I want
to be able to capture the login name that exists in IIS, not Windows.
In order to enter my company's intranet through the internet, they
have to login. I want to be able to capture that login versus their
Windows login because I need to know who they are from any computer
rather than only their computer. Any ideas?
Brent,
I would use System.Security.Principal.WindowsIdentity.GetCurre nt().Name
Watch out when using HttpContext.Current.User.Identity.Name. Depending
on the IIS / web.config file settings, User.Identity.Name will not give
you thecorrect result (for Windows authentication mode).
e.g.
On a Windows Server 2003 box where I'm logged in as Administrator:
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""
- With Identity Impersonate= false and IIS Anonymous Access disabled /
NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""
- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"
--
Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Brent Burkart wrote: Brent Burkart wrote:
I am trying to capture the Windows Authenticated username, but I
want to be able to capture the login name that exists in IIS, not
Windows. In order to enter my company's intranet through the
internet, they have to login. I want to be able to capture that
login versus their Windows login because I need to know who they
are from any computer rather than only their computer. Any ideas?
I have Identity Impersonate = True and IIS Anonymous Access enabled
and I am not sure what NTLM is.
I still get the username of the machine login rather than the intranet
login.
Brent,
There can be only three possiable accounts you can get when using
Windows authentication mode with the default settings in machine.config:
1) MachineName\ASPNET (Windows XP - IIS 5.x)
or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
2) MachineName\ISUR_MachineName
3) DomainName\Username
Which one are you trying to get?
Here are the configurations in IIS and web.config which will result in obtaining
the above account: (note NTLM = Integrated Windows Authentication in IIS)
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""
- With Identity Impersonate= false and IIS Anonymous Access disabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""
- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"
--
Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Jim Cheshire [MSFT] wrote: You are correct as long as we're relying on Windows Authentication or
Basic Authentication in IIS. (In other words, the authentication
mode for the application needs to be Windows.) I missed the "capture
the Windows Authenticated username" part of Brent's message initially
due to multi-tasking :). As long as the above is correct,
WindowsIdentity will return the correct user as long as impersonation
is enabled.
Right. It was the "capture the login name that exists in IIS, not Windows"
comment that caught my eye. Hence my warning for User.Identity.Name
e.g.
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM enabled
=> WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""
Note User.Identity.Name is blank.
I guess will find out exactly what Brent meant when he replys to my question in my last post... ;-)
--
Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Carl, thanks so much for your help.
I am trying to capture DomainName\Username. I don't care who logged into
the machine they are using. I only care who logged into the intranet site.
I have tried all of the combinations and I still can't seem to capture the
domainName\Username.
Thanks again
"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
news:uc**************@TK2MSFTNGP10.phx.gbl... Brent Burkart wrote: Brent Burkart wrote:
I am trying to capture the Windows Authenticated username, but I
want to be able to capture the login name that exists in IIS, not
Windows. In order to enter my company's intranet through the
internet, they have to login. I want to be able to capture that
login versus their Windows login because I need to know who they
are from any computer rather than only their computer. Any ideas?
I have Identity Impersonate = True and IIS Anonymous Access enabled
and I am not sure what NTLM is.
I still get the username of the machine login rather than the intranet
login.
Brent,
There can be only three possiable accounts you can get when using
Windows authentication mode with the default settings in machine.config:
1) MachineName\ASPNET (Windows XP - IIS 5.x)
or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
2) MachineName\ISUR_MachineName
3) DomainName\Username
Which one are you trying to get?
Here are the configurations in IIS and web.config which will result in
obtaining the above account: (note NTLM = Integrated Windows Authentication in
IIS)
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""
- With Identity Impersonate= false and IIS Anonymous Access disabled /
NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""
- With Identity Impersonate= true and IIS Anonymous Access disabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"
--
Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Brent,
If you're using Windows Integrated authentication, they will be one and the
same in almost all cases.
If you're using Basic authentication, the user will be forced to enter a
username and password, but again, in almost all cases, they will use their
domain UN/PW to access the site.
I'm curious as to exactly what you're doing here. Can you elaborate any?
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>Subject: Re: capturing username
Date: Fri, 2 Jan 2004 13:42:15 -0700
Lines: 71
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08
..phx.gbl!TK2MSFTNGP10.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199428
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Carl, thanks so much for your help.
I am trying to capture DomainName\Username. I don't care who logged into
the machine they are using. I only care who logged into the intranet site.
I have tried all of the combinations and I still can't seem to capture the
domainName\Username.
Thanks again
"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
news:uc**************@TK2MSFTNGP10.phx.gbl... Brent Burkart wrote: >>> Brent Burkart wrote:
>>> I am trying to capture the Windows Authenticated username, but I
>>> want to be able to capture the login name that exists in IIS, not
>>> Windows. In order to enter my company's intranet through the
>>> internet, they have to login. I want to be able to capture that
>>> login versus their Windows login because I need to know who they
>>> are from any computer rather than only their computer. Any ideas?
>>>
> I have Identity Impersonate = True and IIS Anonymous Access enabled
> and I am not sure what NTLM is.
> I still get the username of the machine login rather than the intranet
> login.
>
Brent,
There can be only three possiable accounts you can get when using
Windows authentication mode with the default settings in machine.config:
1) MachineName\ASPNET (Windows XP - IIS 5.x)
or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
2) MachineName\ISUR_MachineName
3) DomainName\Username
Which one are you trying to get?
Here are the configurations in IIS and web.config which will result in
obtaining the above account: (note NTLM = Integrated Windows Authentication in
IIS)
- With Identity Impersonate= false and IIS Anonymous Access enabled /
NTLMenabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = ""
- With Identity Impersonate= false and IIS Anonymous Access disabled /NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK SERVICE"
=> User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled / NTLM
enabled => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""
- With Identity Impersonate= true and IIS Anonymous Access disabled /
NTLMenabled => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"
--
Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Thanks for replying.
We currently have a company intranet. To access this intranet, they must
login no matter what machine they are using. I am adding an application to
the intranet where it is neccessary that I know who is using it and instead
of managing usernames and passwords in a database, I will enter the user
automatically into my database the first time they use the application and I
will track their info based on their username.
Does that clarify?
Thanks for your help.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:mF**************@cpmsftngxa07.phx.gbl... Brent,
If you're using Windows Integrated authentication, they will be one and
the same in almost all cases.
If you're using Basic authentication, the user will be forced to enter a
username and password, but again, in almost all cases, they will use their
domain UN/PW to access the site.
I'm curious as to exactly what you're doing here. Can you elaborate any?
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>Subject: Re: capturing username
Date: Fri, 2 Jan 2004 13:42:15 -0700
Lines: 71
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08 phx.gbl!TK2MSFTNGP10.phx.gblXref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet:199428X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Carl, thanks so much for your help.
I am trying to capture DomainName\Username. I don't care who logged into
the machine they are using. I only care who logged into the intranet
site.I have tried all of the combinations and I still can't seem to capture
thedomainName\Username.
Thanks again
"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
news:uc**************@TK2MSFTNGP10.phx.gbl... Brent Burkart wrote:
>>> Brent Burkart wrote:
>>> I am trying to capture the Windows Authenticated username, but I
>>> want to be able to capture the login name that exists in IIS, not
>>> Windows. In order to enter my company's intranet through the
>>> internet, they have to login. I want to be able to capture that
>>> login versus their Windows login because I need to know who they
>>> are from any computer rather than only their computer. Any ideas?
>>>
> I have Identity Impersonate = True and IIS Anonymous Access enabled
> and I am not sure what NTLM is.
> I still get the username of the machine login rather than the
intranet > login.
>
Brent,
There can be only three possiable accounts you can get when using
Windows authentication mode with the default settings in
machine.config: 1) MachineName\ASPNET (Windows XP - IIS 5.x)
or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
2) MachineName\ISUR_MachineName
3) DomainName\Username
Which one are you trying to get?
Here are the configurations in IIS and web.config which will result in
obtaining the above account: (note NTLM = Integrated Windows Authentication in
IIS)
- With Identity Impersonate= false and IIS Anonymous Access enabled / NTLMenabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK
SERVICE" => User.Identity.Name = ""
- With Identity Impersonate= false and IIS Anonymous Access disabled /
NTLM enabled => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK
SERVICE" => User.Identity.Name = "CARL20\Administrator"
- With Identity Impersonate= true and IIS Anonymous Access enabled /
NTLMenabled => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
=> User.Identity.Name = ""
- With Identity Impersonate= true and IIS Anonymous Access disabled /
NTLMenabled => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
=> User.Identity.Name = "CARL20\Administrator"
--
Thanks,
Carl Prothman
Microsoft ASP.NET MVP
Brent,
You say "to access this intranet, they must login." How do you implement
that? What kind of authentication on the Web site in IIS?
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Fri, 2 Jan 2004 17:11:04 -0700
Lines: 141
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08
..phx.gbl!TK2MSFTNGP12.phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199454
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Thanks for replying.
We currently have a company intranet. To access this intranet, they must
login no matter what machine they are using. I am adding an application to
the intranet where it is neccessary that I know who is using it and instead
of managing usernames and passwords in a database, I will enter the user
automatically into my database the first time they use the application and
Iwill track their info based on their username.
Does that clarify?
Thanks for your help.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:mF**************@cpmsftngxa07.phx.gbl... Brent,
If you're using Windows Integrated authentication, they will be one and
the same in almost all cases.
If you're using Basic authentication, the user will be forced to enter a
username and password, but again, in almost all cases, they will use
their domain UN/PW to access the site.
I'm curious as to exactly what you're doing here. Can you elaborate any?
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl> >Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 13:42:15 -0700
>Lines: 71
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
>Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0
8 phx.gbl!TK2MSFTNGP10.phx.gbl >Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet:199428 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Carl, thanks so much for your help.
>
>I am trying to capture DomainName\Username. I don't care who logged
into >the machine they are using. I only care who logged into the intranetsite. >I have tried all of the combinations and I still can't seem to capturethe >domainName\Username.
>
>Thanks again
>"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
>news:uc**************@TK2MSFTNGP10.phx.gbl...
>> Brent Burkart wrote:
>> >>> Brent Burkart wrote:
>> >>> I am trying to capture the Windows Authenticated username, but I
>> >>> want to be able to capture the login name that exists in IIS, not
>> >>> Windows. In order to enter my company's intranet through the
>> >>> internet, they have to login. I want to be able to capture that
>> >>> login versus their Windows login because I need to know who they
>> >>> are from any computer rather than only their computer. Any ideas?
>> >>>
>> > I have Identity Impersonate = True and IIS Anonymous Access enabled
>> > and I am not sure what NTLM is.
>> > I still get the username of the machine login rather than theintranet >> > login.
>> >
>>
>> Brent,
>> There can be only three possiable accounts you can get when using
>> Windows authentication mode with the default settings inmachine.config: >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
>> 2) MachineName\ISUR_MachineName
>> 3) DomainName\Username
>>
>> Which one are you trying to get?
>>
>> Here are the configurations in IIS and web.config which will result in
>obtaining
>> the above account: (note NTLM = Integrated Windows Authentication in
>IIS)
>>
>> - With Identity Impersonate= false and IIS Anonymous Access enabled /
NTLM >enabled
>> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORKSERVICE" >> => User.Identity.Name = ""
>>
>> - With Identity Impersonate= false and IIS Anonymous Access disabled /
>NTLM enabled
>> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORKSERVICE" >> => User.Identity.Name = "CARL20\Administrator"
>>
>>
>> - With Identity Impersonate= true and IIS Anonymous Access enabled /NTLM >enabled
>> => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
>> => User.Identity.Name = ""
>>
>> - With Identity Impersonate= true and IIS Anonymous Access disabled /
NTLM >enabled
>> => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
>> => User.Identity.Name = "CARL20\Administrator"
>>
>> --
>>
>> Thanks,
>> Carl Prothman
>> Microsoft ASP.NET MVP
>>
>>
>
>
>
>
Well, I didn't implement it, but I was assuming that IIS simply pops up a
login when someone hits the intranet. IIS is using "Basic Authentication".
Am I answering what you are asking?
Thanks for your help
Brent
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:53**************@cpmsftngxa07.phx.gbl... Brent,
You say "to access this intranet, they must login." How do you implement
that? What kind of authentication on the Web site in IIS?
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Fri, 2 Jan 2004 17:11:04 -0700
Lines: 141
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08 phx.gbl!TK2MSFTNGP12.phx.gblXref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet:199454X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Thanks for replying.
We currently have a company intranet. To access this intranet, they must
login no matter what machine they are using. I am adding an application
tothe intranet where it is neccessary that I know who is using it and
insteadof managing usernames and passwords in a database, I will enter the user
automatically into my database the first time they use the application
and Iwill track their info based on their username.
Does that clarify?
Thanks for your help.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:mF**************@cpmsftngxa07.phx.gbl... Brent,
If you're using Windows Integrated authentication, they will be one and
the same in almost all cases.
If you're using Basic authentication, the user will be forced to enter
a username and password, but again, in almost all cases, they will use
their domain UN/PW to access the site.
I'm curious as to exactly what you're doing here. Can you elaborate
any?
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------
>From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
>Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 13:42:15 -0700
>Lines: 71
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
>Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0
8 phx.gbl!TK2MSFTNGP10.phx.gbl
>Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet:199428 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Carl, thanks so much for your help.
>
>I am trying to capture DomainName\Username. I don't care who logged into >the machine they are using. I only care who logged into the intranet
site. >I have tried all of the combinations and I still can't seem to capture
the >domainName\Username.
>
>Thanks again
>"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
>news:uc**************@TK2MSFTNGP10.phx.gbl...
>> Brent Burkart wrote:
>> >>> Brent Burkart wrote:
>> >>> I am trying to capture the Windows Authenticated username, but I
>> >>> want to be able to capture the login name that exists in IIS,
not >> >>> Windows. In order to enter my company's intranet through the
>> >>> internet, they have to login. I want to be able to capture that
>> >>> login versus their Windows login because I need to know who they
>> >>> are from any computer rather than only their computer. Any
ideas? >> >>>
>> > I have Identity Impersonate = True and IIS Anonymous Access
enabled >> > and I am not sure what NTLM is.
>> > I still get the username of the machine login rather than the
intranet >> > login.
>> >
>>
>> Brent,
>> There can be only three possiable accounts you can get when using
>> Windows authentication mode with the default settings in
machine.config: >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
>> 2) MachineName\ISUR_MachineName
>> 3) DomainName\Username
>>
>> Which one are you trying to get?
>>
>> Here are the configurations in IIS and web.config which will result
in >obtaining
>> the above account: (note NTLM = Integrated Windows Authentication
in >IIS)
>>
>> - With Identity Impersonate= false and IIS Anonymous Access enabled
/ NTLM
>enabled
>> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK
SERVICE" >> => User.Identity.Name = ""
>>
>> - With Identity Impersonate= false and IIS Anonymous Access disabled
/ >NTLM enabled
>> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK
SERVICE" >> => User.Identity.Name = "CARL20\Administrator"
>>
>>
>> - With Identity Impersonate= true and IIS Anonymous Access enabled /
NTLM >enabled
>> => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
>> => User.Identity.Name = ""
>>
>> - With Identity Impersonate= true and IIS Anonymous Access disabled
/ NTLM
>enabled
>> => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
>> => User.Identity.Name = "CARL20\Administrator"
>>
>> --
>>
>> Thanks,
>> Carl Prothman
>> Microsoft ASP.NET MVP
>>
>>
>
>
>
>
Hi Brent,
As long as the following conditions are met, the username that you get from
WindowsIdentity.GetCurrent().Name will be the user who logs into the Web
site, not the username that was used when you logged into Windows:
1. Anonymous authentication is NOT enabled in IIS.
2. Basic is enabled in IIS.
3. Windows Integrated authentication is NOT enabled in IIS.
4. You have either turned on non-user specific impersonation in the
web.config or machine.config. (i.e. <identity impersonate = "true" />).
Given all of those, you will get the username that was entered into the
challenge box that the browser presented.
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
<#0**************@TK2MSFTNGP12.phx.gbl>
<53**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Mon, 5 Jan 2004 08:52:02 -0700
Lines: 210
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <ej*************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTN GP08.phx.gbl!TK2MSFTNGP10.
phx.gblXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199736
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Well, I didn't implement it, but I was assuming that IIS simply pops up a
login when someone hits the intranet. IIS is using "Basic Authentication".
Am I answering what you are asking?
Thanks for your help
Brent
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:53**************@cpmsftngxa07.phx.gbl... Brent,
You say "to access this intranet, they must login." How do you implement
that? What kind of authentication on the Web site in IIS?
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl> >Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 17:11:04 -0700
>Lines: 141
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
>Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0
8 phx.gbl!TK2MSFTNGP12.phx.gbl >Xref: cpmsftngxa07.phx.gblmicrosoft.public.dotnet.framework.aspnet:199454 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Thanks for replying.
>
>We currently have a company intranet. To access this intranet, they
must >login no matter what machine they are using. I am adding an applicationto >the intranet where it is neccessary that I know who is using it andinstead >of managing usernames and passwords in a database, I will enter the
user >automatically into my database the first time they use the applicationand I >will track their info based on their username.
>
>Does that clarify?
>
>Thanks for your help.
>"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
>news:mF**************@cpmsftngxa07.phx.gbl...
>> Brent,
>>
>> If you're using Windows Integrated authentication, they will be one
and >the
>> same in almost all cases.
>>
>> If you're using Basic authentication, the user will be forced to entera >> username and password, but again, in almost all cases, they will use
their >> domain UN/PW to access the site.
>>
>> I'm curious as to exactly what you're doing here. Can you elaborateany? >>
>> Jim Cheshire, MCSE, MCSD [MSFT]
>> Microsoft Developer Support
>> ASP.NET
>> ja******@online.microsoft.com
>>
>> This post is provided as-is with no warranties and confers no rights.
>>
>> --------------------
>> >From: "Brent Burkart" <Br***********@wvmb.com>
>> >References: <e#**************@TK2MSFTNGP10.phx.gbl>
>> <uI**************@TK2MSFTNGP11.phx.gbl>
>> <eB*************@TK2MSFTNGP11.phx.gbl>
>> <uc**************@TK2MSFTNGP10.phx.gbl>
>> >Subject: Re: capturing username
>> >Date: Fri, 2 Jan 2004 13:42:15 -0700
>> >Lines: 71
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet
>> >NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
>> >Path:
>>
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSF TNGXA05.phx.gbl!TK2MSFTNGP
0 8 >> phx.gbl!TK2MSFTNGP10.phx.gbl
>> >Xref: cpmsftngxa07.phx.gbl
>microsoft.public.dotnet.framework.aspnet:199428
>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>> >
>> >Carl, thanks so much for your help.
>> >
>> >I am trying to capture DomainName\Username. I don't care who logged
into >> >the machine they are using. I only care who logged into the intranet
>site.
>> >I have tried all of the combinations and I still can't seem to
capture >the
>> >domainName\Username.
>> >
>> >Thanks again
>> >"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in message
>> >news:uc**************@TK2MSFTNGP10.phx.gbl...
>> >> Brent Burkart wrote:
>> >> >>> Brent Burkart wrote:
>> >> >>> I am trying to capture the Windows Authenticated username, but
I >> >> >>> want to be able to capture the login name that exists in IIS,
not >> >> >>> Windows. In order to enter my company's intranet through the
>> >> >>> internet, they have to login. I want to be able to capture that
>> >> >>> login versus their Windows login because I need to know who
they >> >> >>> are from any computer rather than only their computer. Anyideas? >> >> >>>
>> >> > I have Identity Impersonate = True and IIS Anonymous Accessenabled >> >> > and I am not sure what NTLM is.
>> >> > I still get the username of the machine login rather than the
>intranet
>> >> > login.
>> >> >
>> >>
>> >> Brent,
>> >> There can be only three possiable accounts you can get when using
>> >> Windows authentication mode with the default settings in
>machine.config:
>> >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> >> or NT AUTHORITY\NETWORK SERVICE (Windows Server 2003 - IIS 6.0)
>> >> 2) MachineName\ISUR_MachineName
>> >> 3) DomainName\Username
>> >>
>> >> Which one are you trying to get?
>> >>
>> >> Here are the configurations in IIS and web.config which will resultin >> >obtaining
>> >> the above account: (note NTLM = Integrated Windows Authenticationin >> >IIS)
>> >>
>> >> - With Identity Impersonate= false and IIS Anonymous Access enabled/ >> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK
>SERVICE"
>> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= false and IIS Anonymous Access
disabled/ >> >NTLM enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT AUTHORITY\NETWORK
>SERVICE"
>> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >>
>> >> - With Identity Impersonate= true and IIS Anonymous Access enabled
/ >NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "CARL20\IUSR_CARL20"
>> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= true and IIS Anonymous Access disabled
/ >> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "CARL20\Administrator"
>> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >> --
>> >>
>> >> Thanks,
>> >> Carl Prothman
>> >> Microsoft ASP.NET MVP
>> >>
>> >>
>> >
>> >
>> >
>> >
>>
>
>
>
Hi Jim, Brent
I'm following this discussion a while and have question.
I have implemented all these steps and work fine, but I
also want to trace the original login which the user used
to login at his own domain.
I have tried to use scripting to get this username
userdomain and machine name (the one you see when typing
SET in dos-box).
I used the following code, but it does not work
(errormessage unabled to create activeX object WScript.Shell)
Could you help me on this, or are there other ways to find
this information?
Best regards and thanks in advance!
Gert Jan
<script language="vbscript">
Set Shell = CreateObject("WScript.Shell")
CompName = Shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Document.writeln(CompName)
MsgBox(CompName)
</script>
===== -----Original Message-----
Hi Brent,
As long as the following conditions are met, the username
that you get from WindowsIdentity.GetCurrent().Name will be the user who
logs into the Web site, not the username that was used when you logged into
Windows:
1. Anonymous authentication is NOT enabled in IIS.
2. Basic is enabled in IIS.
3. Windows Integrated authentication is NOT enabled in IIS.
4. You have either turned on non-user specific
impersonation in the web.config or machine.config. (i.e. <identity impersonate
= "true" />).
Given all of those, you will get the username that was
entered into the challenge box that the browser presented.
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com
This post is provided as-is with no warranties and confers
no rights.
--------------------From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl> <uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
<#0**************@TK2MSFTNGP12.phx.gbl>
<53**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Mon, 5 Jan 2004 08:52:02 -0700
Lines: 210
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <ej*************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFT NGP08.phx.gbl!TK2MSFTNGP10.
phx.gblXref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet:199736X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Well, I didn't implement it, but I was assuming that IIS
simply pops up alogin when someone hits the intranet. IIS is using
"Basic Authentication".
Am I answering what you are asking?
Thanks for your help
Brent
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com>
wrote in messagenews:53**************@cpmsftngxa07.phx.gbl... Brent,
You say "to access this intranet, they must login."
How do you implement that? What kind of authentication on the Web site in IIS?
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com
This post is provided as-is with no warranties and
confers no rights.
--------------------
>From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
>Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 17:11:04 -0700
>Lines: 141
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com
64.146.67.30 >Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSF TNGXA05.phx.gbl!TK2MSFTNGP0
8 phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet:19945 4 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Thanks for replying.
>
>We currently have a company intranet. To access this
intranet, they must >login no matter what machine they are using. I am
adding an applicationto >the intranet where it is neccessary that I know who is
using it andinstead >of managing usernames and passwords in a database, I
will enter the user >automatically into my database the first time they use
the applicationand I
>will track their info based on their username.
>
>Does that clarify?
>
>Thanks for your help.
>"Jim Cheshire [MSFT]" <ja******@online.microsoft.com>
wrote in message >news:mF**************@cpmsftngxa07.phx.gbl...
>> Brent,
>>
>> If you're using Windows Integrated authentication,
they will be one and >the
>> same in almost all cases.
>>
>> If you're using Basic authentication, the user will
be forced to entera >> username and password, but again, in almost all
cases, they will use their
>> domain UN/PW to access the site.
>>
>> I'm curious as to exactly what you're doing here.
Can you elaborateany? >>
>> Jim Cheshire, MCSE, MCSD [MSFT]
>> Microsoft Developer Support
>> ASP.NET
>> ja******@online.microsoft.com
>>
>> This post is provided as-is with no warranties and
confers no rights. >>
>> --------------------
>> >From: "Brent Burkart" <Br***********@wvmb.com>
>> >References: <e#**************@TK2MSFTNGP10.phx.gbl>
>> <uI**************@TK2MSFTNGP11.phx.gbl>
>> <eB*************@TK2MSFTNGP11.phx.gbl>
>> <uc**************@TK2MSFTNGP10.phx.gbl>
>> >Subject: Re: capturing username
>> >Date: Fri, 2 Jan 2004 13:42:15 -0700
>> >Lines: 71
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLE
V6.00.2800.1165 >> >Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet
>> >NNTP-Posting-Host: te-64-146-67-30.transedge.com
64.146.67.30 >> >Path:
>>
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MS FTNGXA05.phx.gbl!TK2MSFTNGP 0 8
>> phx.gbl!TK2MSFTNGP10.phx.gbl
>> >Xref: cpmsftngxa07.phx.gbl
>microsoft.public.dotnet.framework.aspnet:199428
>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>> >
>> >Carl, thanks so much for your help.
>> >
>> >I am trying to capture DomainName\Username. I
don't care who logged into
>> >the machine they are using. I only care who logged
into the intranet >site.
>> >I have tried all of the combinations and I still
can't seem to capture >the
>> >domainName\Username.
>> >
>> >Thanks again
>> >"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in
message >> >news:uc**************@TK2MSFTNGP10.phx.gbl...
>> >> Brent Burkart wrote:
>> >> >>> Brent Burkart wrote:
>> >> >>> I am trying to capture the Windows
Authenticated username, but I >> >> >>> want to be able to capture the login name
that exists in IIS,not >> >> >>> Windows. In order to enter my company's
intranet through the >> >> >>> internet, they have to login. I want to be
able to capture that >> >> >>> login versus their Windows login because I
need to know who they >> >> >>> are from any computer rather than only their
computer. Anyideas? >> >> >>>
>> >> > I have Identity Impersonate = True and IIS
Anonymous Accessenabled >> >> > and I am not sure what NTLM is.
>> >> > I still get the username of the machine login
rather than the >intranet
>> >> > login.
>> >> >
>> >>
>> >> Brent,
>> >> There can be only three possiable accounts you
can get when using >> >> Windows authentication mode with the default
settings in >machine.config:
>> >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> >> or NT AUTHORITY\NETWORK SERVICE (Windows
Server 2003 - IIS 6.0) >> >> 2) MachineName\ISUR_MachineName
>> >> 3) DomainName\Username
>> >>
>> >> Which one are you trying to get?
>> >>
>> >> Here are the configurations in IIS and web.config
which will resultin >> >obtaining
>> >> the above account: (note NTLM = Integrated
Windows Authenticationin >> >IIS)
>> >>
>> >> - With Identity Impersonate= false and IIS
Anonymous Access enabled/ >> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT
AUTHORITY\NETWORK >SERVICE"
>> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= false and IIS
Anonymous Access disabled/ >> >NTLM enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT
AUTHORITY\NETWORK >SERVICE"
>> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >>
>> >> - With Identity Impersonate= true and IIS
Anonymous Access enabled / >NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name =
"CARL20\IUSR_CARL20" >> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= true and IIS
Anonymous Access disabled/ >> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name =
"CARL20\Administrator" >> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >> --
>> >>
>> >> Thanks,
>> >> Carl Prothman
>> >> Microsoft ASP.NET MVP
>> >>
>> >>
>> >
>> >
>> >
>> >
>>
>
>
>
.
Gert,
I'm not sure how you can do that. You've authenticated the user already as
someone else to the Web application because of Basic authentication.
Perhaps someone else here will have other ideas.
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- Content-Class: urn:content-classes:message
From: "GertJan" <Ge*******@yahoo.com>
Sender: "GertJan" <Ge*******@yahoo.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
<#0**************@TK2MSFTNGP12.phx.gbl>
<53**************@cpmsftngxa07.phx.gbl>
<ej*************@TK2MSFTNGP10.phx.gbl>
<Lx**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Tue, 13 Jan 2004 02:30:42 -0800
Lines: 372
Message-ID: <09****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPZwEuPyXEvMlJ6QreMe3vVQ0vshA==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:201702
NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Hi Jim, Brent
I'm following this discussion a while and have question.
I have implemented all these steps and work fine, but I
also want to trace the original login which the user used
to login at his own domain.
I have tried to use scripting to get this username
userdomain and machine name (the one you see when typing
SET in dos-box).
I used the following code, but it does not work
(errormessage unabled to create activeX object WScript.Shell)
Could you help me on this, or are there other ways to find
this information?
Best regards and thanks in advance!
Gert Jan
<script language="vbscript">
Set Shell = CreateObject("WScript.Shell")
CompName = Shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Document.writeln(CompName)
MsgBox(CompName)
</script>
=====
-----Original Message-----
Hi Brent,
As long as the following conditions are met, the username
that you get fromWindowsIdentity.GetCurrent().Name will be the user who
logs into the Website, not the username that was used when you logged into
Windows:
1. Anonymous authentication is NOT enabled in IIS.
2. Basic is enabled in IIS.
3. Windows Integrated authentication is NOT enabled in IIS.
4. You have either turned on non-user specific
impersonation in theweb.config or machine.config. (i.e. <identity impersonate
= "true" />).
Given all of those, you will get the username that was
entered into thechallenge box that the browser presented.
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com
This post is provided as-is with no warranties and confers
no rights.
--------------------From: "Brent Burkart" <Br***********@wvmb.com>
References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
<#0**************@TK2MSFTNGP12.phx.gbl>
<53**************@cpmsftngxa07.phx.gbl>Subject: Re: capturing username
Date: Mon, 5 Jan 2004 08:52:02 -0700
Lines: 210
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <ej*************@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: te-64-146-67-30.transedge.com 64.146.67.30
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSF TNGP08.phx.gbl!TK2MSFTNGP1
0.phx.gblXref: cpmsftngxa07.phx.gblmicrosoft.public.dotnet.framework.aspnet:199736X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Well, I didn't implement it, but I was assuming that IISsimply pops up alogin when someone hits the intranet. IIS is using"Basic Authentication".
Am I answering what you are asking?
Thanks for your help
Brent
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com>wrote in messagenews:53**************@cpmsftngxa07.phx.gbl...
Brent,
You say "to access this intranet, they must login."How do you implement that? What kind of authentication on the Web site in IIS?
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com
This post is provided as-is with no warranties andconfers no rights.
--------------------
>From: "Brent Burkart" <Br***********@wvmb.com>
>References: <e#**************@TK2MSFTNGP10.phx.gbl>
<uI**************@TK2MSFTNGP11.phx.gbl>
<eB*************@TK2MSFTNGP11.phx.gbl>
<uc**************@TK2MSFTNGP10.phx.gbl>
<uu**************@TK2MSFTNGP10.phx.gbl>
<mF**************@cpmsftngxa07.phx.gbl>
>Subject: Re: capturing username
>Date: Fri, 2 Jan 2004 17:11:04 -0700
>Lines: 141
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#0**************@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: te-64-146-67-30.transedge.com64.146.67.30 >Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MS FTNGXA05.phx.gbl!TK2MSFTNG
P08 phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet:1994 54
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Thanks for replying.
>
>We currently have a company intranet. To access thisintranet, theymust >login no matter what machine they are using. I am
adding an applicationto
>the intranet where it is neccessary that I know who isusing it andinstead
>of managing usernames and passwords in a database, Iwill enter theuser >automatically into my database the first time they use
the applicationand
I
>will track their info based on their username.
>
>Does that clarify?
>
>Thanks for your help.
>"Jim Cheshire [MSFT]" <ja******@online.microsoft.com>wrote in message >news:mF**************@cpmsftngxa07.phx.gbl...
>> Brent,
>>
>> If you're using Windows Integrated authentication,they will be oneand >the
>> same in almost all cases.
>>
>> If you're using Basic authentication, the user will
be forced to entera
>> username and password, but again, in almost allcases, they will use their
>> domain UN/PW to access the site.
>>
>> I'm curious as to exactly what you're doing here.Can you elaborateany?
>>
>> Jim Cheshire, MCSE, MCSD [MSFT]
>> Microsoft Developer Support
>> ASP.NET
>> ja******@online.microsoft.com
>>
>> This post is provided as-is with no warranties andconfers no rights. >>
>> --------------------
>> >From: "Brent Burkart" <Br***********@wvmb.com>
>> >References: <e#**************@TK2MSFTNGP10.phx.gbl>
>> <uI**************@TK2MSFTNGP11.phx.gbl>
>> <eB*************@TK2MSFTNGP11.phx.gbl>
>> <uc**************@TK2MSFTNGP10.phx.gbl>
>> >Subject: Re: capturing username
>> >Date: Fri, 2 Jan 2004 13:42:15 -0700
>> >Lines: 71
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLEV6.00.2800.1165 >> >Message-ID: <uu**************@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet
>> >NNTP-Posting-Host: te-64-146-67-30.transedge.com64.146.67.30 >> >Path:
>>
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2M SFTNGXA05.phx.gbl!TK2MSFTN
GP0 8
>> phx.gbl!TK2MSFTNGP10.phx.gbl
>> >Xref: cpmsftngxa07.phx.gbl
>microsoft.public.dotnet.framework.aspnet:199428
>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>> >
>> >Carl, thanks so much for your help.
>> >
>> >I am trying to capture DomainName\Username. I
don't care who logged into
>> >the machine they are using. I only care who loggedinto the intranet >site.
>> >I have tried all of the combinations and I stillcan't seem tocapture >the
>> >domainName\Username.
>> >
>> >Thanks again
>> >"Carl Prothman [MVP]" <ca****@spamcop.net> wrote in
message >> >news:uc**************@TK2MSFTNGP10.phx.gbl...
>> >> Brent Burkart wrote:
>> >> >>> Brent Burkart wrote:
>> >> >>> I am trying to capture the WindowsAuthenticated username, butI >> >> >>> want to be able to capture the login name
that exists in IIS,not
>> >> >>> Windows. In order to enter my company'sintranet through the >> >> >>> internet, they have to login. I want to beable to capture that >> >> >>> login versus their Windows login because Ineed to know whothey >> >> >>> are from any computer rather than only their
computer. Anyideas?
>> >> >>>
>> >> > I have Identity Impersonate = True and IISAnonymous Accessenabled
>> >> > and I am not sure what NTLM is.
>> >> > I still get the username of the machine loginrather than the >intranet
>> >> > login.
>> >> >
>> >>
>> >> Brent,
>> >> There can be only three possiable accounts youcan get when using >> >> Windows authentication mode with the defaultsettings in >machine.config:
>> >> 1) MachineName\ASPNET (Windows XP - IIS 5.x)
>> >> or NT AUTHORITY\NETWORK SERVICE (WindowsServer 2003 - IIS 6.0) >> >> 2) MachineName\ISUR_MachineName
>> >> 3) DomainName\Username
>> >>
>> >> Which one are you trying to get?
>> >>
>> >> Here are the configurations in IIS and web.configwhich will resultin
>> >obtaining
>> >> the above account: (note NTLM = IntegratedWindows Authenticationin
>> >IIS)
>> >>
>> >> - With Identity Impersonate= false and IISAnonymous Access enabled/
>> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NTAUTHORITY\NETWORK >SERVICE"
>> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= false and IISAnonymous Accessdisabled/
>> >NTLM enabled
>> >> => WindowsIdentity.GetCurrent().Name = "NT
AUTHORITY\NETWORK >SERVICE"
>> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >>
>> >> - With Identity Impersonate= true and IISAnonymous Access enabled/ >NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name =
"CARL20\IUSR_CARL20" >> >> => User.Identity.Name = ""
>> >>
>> >> - With Identity Impersonate= true and IISAnonymous Access disabled/
>> NTLM
>> >enabled
>> >> => WindowsIdentity.GetCurrent().Name ="CARL20\Administrator" >> >> => User.Identity.Name = "CARL20\Administrator"
>> >>
>> >> --
>> >>
>> >> Thanks,
>> >> Carl Prothman
>> >> Microsoft ASP.NET MVP
>> >>
>> >>
>> >
>> >
>> >
>> >
>>
>
>
>
.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: ashutosh.bhardwaj1980 |
last post by:
Hi,
I amdeveloping a web site in ASP and it is a secure site. I would like
someone to help me on this:
-->i dont want 2 users to accesss my site with the same username
parallely.
--> Also...
|
by: Raj Thakkar |
last post by:
Hi,
I am currenty working on a site for intranet.
I have a user control in the header of every page that will be
displayed only if people with certain username are surfing the site.
These lists...
|
by: Lauren Wilson |
last post by:
Does anyone know if it is possible to capture FTP responses to various
FTP commands when managing an FTP session from a VBA procedure?
For example, if we try to login to an FTP server and the...
|
by: sachu |
last post by:
Hi Everyone,
I want develop the intranet site with seamless authentication. Is there
any way to capture only the user name who has logged in the windows
machine.
Iam using PHP 5.0 MySQL and IIS...
|
by: xxoulmate |
last post by:
what script do i use to determine the username currently logged on the computer.,
tnx
is there any way to do it using php or javascript.,
|
by: xxoulmate |
last post by:
how can i captured the username logged on the computer.,
and print it in the php page.
tnx
|
by: mohanprasadgutta |
last post by:
Hello,
I want to capture the text being printed on console.
problem description is as follows.
I am calling called.pl program from caller.pl program using backticks.
in called.pl program i am...
|
by: ddtpmyra |
last post by:
Hi I have a log-in script below that do the log-in validation, my question is how can I capture the username to for my next page reference so I can execute update command according to current log-in...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
