none
IIS is using app pool credentials instead of user RRS feed

  • Question

  • I'm building an intranet application that needs to use the users Windows credentials.  I have made the following settings based on articles I've read.  I'm using IE 9 to view the page.

     

    Web.config

        <authentication mode="Windows" />

     

    IIS Authentication

    Only Windows authentication is enabled for the web site.

     

    Web page

    Added line <%=System.Security.Principal.WindowsIdentity.GetCurrent().Name%> to display the credentials.

     

    If I run the page locally on my dev machine, I see "domain\user" as expected.  If I copy the page to the server and access from my dev machine, I see "IIS APPPOOL\web site".  I'm sure I have something misconfigured, but have had no luck figuring out what.

     

    Thx

    Tom

    Tuesday, March 26, 2013 9:27 PM

Answers

  • Hi Tom,

    Something to confirm:

    For the IIS site or virtual directory, have you disabled "anonymous access". This is also required so as to ask client accesser provide windows credentials.

    For server-side web page, you should put the following code to show the current authenticated user identity:

    <%= HttpContext.Current.User.Identity.Name %>


    When using windows authentication, the above property should show the authenticated winddows account of client user(to your ASP.NET web page).

    The original code (below) you used is to print out the current windows account used to run/execute your ASP.NET server-side code.

    <%=System.Security.Principal.WindowsIdentity.GetCurrent().Name%>

    As chilberto mentioned, unless you've enabled "impersonate" in ASP.NET, ASP.NET web app by defaults runs under the IIS application pool identity.

    In addition, since the questions you asked is ASP.NET specific, I'd suggest you try posting in the ASP.NET forums for more ideas:

    http://forums.asp.net


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, April 1, 2013 7:46 AM
    Moderator
  • You want to use impersonate in combination with windows authentication.

    Jeff

    Tuesday, March 26, 2013 11:57 PM
  • Thanks for all of the help.  The solution was enabling impersonation, but I also had to disable the subsequent error that was caused.

    Thanks again

    Tom

    Tuesday, April 2, 2013 9:54 PM

All replies

  • You want to use impersonate in combination with windows authentication.

    Jeff

    Tuesday, March 26, 2013 11:57 PM
  • Wednesday, March 27, 2013 2:23 AM
  • Hi,

    What do you mean with "copy the page to the server"? Can you elaborate your situations more clearly, how do you host the service and how do you call it.

    Thanks.

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, March 28, 2013 9:44 AM
    Moderator
  • Hi Tom,

    Something to confirm:

    For the IIS site or virtual directory, have you disabled "anonymous access". This is also required so as to ask client accesser provide windows credentials.

    For server-side web page, you should put the following code to show the current authenticated user identity:

    <%= HttpContext.Current.User.Identity.Name %>


    When using windows authentication, the above property should show the authenticated winddows account of client user(to your ASP.NET web page).

    The original code (below) you used is to print out the current windows account used to run/execute your ASP.NET server-side code.

    <%=System.Security.Principal.WindowsIdentity.GetCurrent().Name%>

    As chilberto mentioned, unless you've enabled "impersonate" in ASP.NET, ASP.NET web app by defaults runs under the IIS application pool identity.

    In addition, since the questions you asked is ASP.NET specific, I'd suggest you try posting in the ASP.NET forums for more ideas:

    http://forums.asp.net


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, April 1, 2013 7:46 AM
    Moderator
  • Thanks for all of the help.  The solution was enabling impersonation, but I also had to disable the subsequent error that was caused.

    Thanks again

    Tom

    Tuesday, April 2, 2013 9:54 PM