Getting Windows Logged in User From Web

  • Question

  • Hi All,

    I have created an Intranet application in which only the users of Active Directory have to log in.

    In that I have given the authentication as "Forms", but when the user types in the URL, the web application has to get the logged-in user and validate it against Active Directory. If the user is not valid, then the page has to be redirected to the Login Page; otherwise it has to go to the landing page.

    I have tried with the steps in the link: http://msdn.microsoft.com/en-us/library/ms972958.aspx

    But I am unable to get it.

    Is there any method available to get the logged in user through forms authentication?

    Thanks a lot in advance.

    Regards,
    M. J. Jaya Chitra
    Friday, May 16, 2008 9:59 AM

Answers

  • Hi M. J. Jaya Chitra

    No, as far as I know, it is not possible to get the user's Windows account if Integrated Windows Authentication is not enabled at the IIS level. The only choice I see here is to do the same as in the link you've provided (mix Windows and Forms authentication).

    If Integrated Windows Authentication is not enabled, then IIS does not transfer the Windows account token and your application will not have any chance to retrieve it.

    Friday, May 16, 2008 1:10 PM
  • It depends on what you mean by "logged in user"... If you just mean the name of the user logged into the Windows machine, running the browser... That's tough.. But if you're just wanting to use Forms authentication and get the username after the log in page.. This method should work for you..

    You can check against AD using an LDAP query on the Login page... Then, when the Login page redirects to your application page, you can get the user name via HttpContext.Current.User.Identity.Name...

    A simple example of the Login form code could look something like this (assuming you have a login control on the page called Login1):

    Code Snippet

    using System;
    using System.DirectoryServices;
    using System.Web.Security;

    partial class _Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            Page.SetFocus(Login1);
        }

        protected void Login1_Authenticate(object sender, System.Web.UI.WebControls.AuthenticateEventArgs e)
        {
            // Issue the forms-authentication ticket only after the directory accepts the credentials.
            if (AuthenticateUsingLDAP(Login1.UserName, Login1.Password))
            {
                FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);
            }
        }

        private bool AuthenticateUsingLDAP(string username, string password)
        {
            try
            {
                // Bind to the directory with the credentials the user typed in.
                DirectoryEntry entry = new DirectoryEntry("LDAP://myDomainName.com/DC=myDomainName,DC=com", username, password);

                DirectorySearcher searcher = new DirectorySearcher(entry);

                // Note: username goes into the filter unescaped; filter
                // metacharacters should be escaped per RFC 4515.
                searcher.Filter = "(SAMAccountName=" + username + ")";

                SearchResult result = searcher.FindOne();

                // this will throw an exception if it fails.
                DirectoryEntry foo = result.GetDirectoryEntry();
                return true;
            }
            catch (Exception)
            {
                return false;
            }
        }
    }

    Then in your application code, use something like:

    Code Snippet

    string loggedInUserName = HttpContext.Current.User.Identity.Name;

    Hope that helps,

    Troy

    Friday, May 16, 2008 6:06 PM

All replies

  • Hi
    We have sites using LDAP authentication and wanted to log in directly via SSO. After searching a lot I used this code to get my network user name.
    I used IE 7 as the browser, on XP machines.

    using System.Security.Principal;
    using System.Threading;

    WindowsPrincipal p = Thread.CurrentPrincipal as WindowsPrincipal;
    // p is null unless the request was authenticated with Windows authentication.
    if (p != null)
    {
        Response.Write("<br>identity : " + p.Identity.Name);
    }

    Using the domain and user ID I checked ADS and did the rest.
    Thursday, January 28, 2010 6:41 AM