System.Web.HttpContext.Current.User.Identity.Name giving other user's name

Question

User1122266241 posted

Hi,

I am using windows authentication for my intranet application which was developed in MVC 4.0.

To get the current user used below code.

string userid = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToUpper();

in Web.config file, i set authentication mode="Windows" and in IIS Enabled Windows Authentication and disabled Ananymous also impersonation is disabled.

 <authentication mode="Windows"></authentication> <authorization> <allow users="*"></allow> <deny users="?"></deny> </authorization> <identity impersonate="false"/>

Its working fine in local but when i deployed the application to windows server 2012 using IIS 8.5 ,am facing a completely strange issue. that is,

When client browse the application on their machine i am displaying windows logged on user same its fine for one user. But suppose two users browsing the same url at same time in different machines its displaying same name for both users, its randomly happening and displaying any one's name of both two users. I have NOT used any session or Caching or cookies in my entire application.

we have deployed this application in windows 2012 servers using load balance.

Request you to help on these issues, i tried a lot but didn't find any solution. Please please please help me.

Answer 1

User-782232518 posted

To get the current user you should always use Controller.User.

Answer 2

User-2057865890 posted

Hi RPU,

You have to windows Authentication Enabled and Anonymous Authentication Disabled.

You had do the changes in the web.config file but also you need to do these changes on server in IIS.

So the changes should be done on Application level and Server level both.

1) Double click on Authentication
2) Right click on Anonymous authentication and disable it and likewise enable Windows authentication
3) Click Basic settings. Check which application pool your website is using. Ensure it is using pass-through authentication for an "Application User" by clicking "Connect As" i.e. A user using a browser will be the person requesting authentication.
4) Click "Application Pools". Click the Application pool from "Advanced Settings". Check the Identity is set to ApplicationPoolIdentity

Regards,

Chris

Answer 3

User1122266241 posted

Hi Chris,

Thank you for your reply, i have followed the steps exactly which you mentioned but still the issue is not resolved. 

Thanks,

RP

Answer 4

User475983607 posted

When client browse the application on their machine i am displaying windows logged on user same its fine for one user. But suppose two users browsing the same url at same time in different machines its displaying same name for both users, its randomly happening and displaying any one's name of both two users. I have NOT used any session or Caching or cookies in my entire application.

This symptom is commonly due to using a static variable.  Static variables are single memory locations and global to the entire application.

Answer 5

User1122266241 posted

Hi,

Am not using static variable and displaying like below.

<span>Welcome, "@User.Identity.Name.ToUpper()".</span>

Thank you for reply.

RPU.

Answer 6

User475983607 posted

Am not using static variable and displaying like below.

If it's not a logical bug in the application then I would look at IIS caching dynamic content.

http://www.iis.net/learn/manage/managing-performance-settings/configure-iis-7-output-caching

Answer 7

User-2057865890 posted

Hi RPU,

Based on your description and config file, there are some differences between System.Security.Principal.WindowsIdentity.GetCurrent().Name and User.Identity.Name.

Table IIS anonymous authentication

Web.config Settings                             Variable Location       Resultant Identity

<identity impersonate="false"/>             HttpContext                        -
<authentication mode="Windows" />    WindowsIdentity         MACHINE\ASPNET  

reference: https://msdn.microsoft.com/en-us/library/aa302377.aspx

Best Regards,

Chris