Wrong user/password is not checked against AD

  • Question

  • User-883890505 posted

    Hi All,

    I have created an MVC 5 Application with Windows Authentication,

    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>

    I have the code below to get the user's display name, and I also want to do validation:

    protected void Session_Start(object sender, EventArgs e)
    {
        if (Context.User != null)
            MapUserADDetails(Context.User);
    }
    private void MapUserADDetails(IPrincipal user)
    {
        using (HostingEnvironment.Impersonate())
        using (var domain = new PrincipalContext(ContextType.Domain, "test.com"))
        using (var usr = UserPrincipal.FindByIdentity(domain, user.Identity.Name))
        {
            if (usr == null)
                return;
            Session.Add("UserDisplayName", usr.DisplayName);
        }
    }


    Now I have hosted this app on IIS with only Windows authentication enabled. When I browse to it, it prompts for a username and password.


    Even if I enter a wrong username/password, or don't fill in anything, it is able to fetch the display name.

    How can I restrict this? The user/password must be validated against AD. Please suggest. Thanks!

    Monday, July 11, 2016 1:22 PM
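
An added example, not part of the original post: a variant of the `Session_Start` handler above that does the directory lookup only for an identity IIS has authenticated, and keys the lookup on that identity's SID instead of its name. The 401/403 responses and the `AuthenticatedAs` and `AuthenticationType` session keys are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web;
using System.Web.Hosting;

public class MvcApplication : HttpApplication
{
    protected void Session_Start(object sender, EventArgs e)
    {
        // With <authentication mode="Windows" />, IIS validates the credentials and
        // hands the application a WindowsIdentity; the password never reaches this code.
        var identity = Context.User == null ? null : Context.User.Identity as WindowsIdentity;

        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous || identity.User == null)
        {
            // Assumption for this example: refuse the request outright.
            throw new HttpException(401, "No authenticated Windows identity on this request.");
        }

        // Record which account and scheme IIS accepted, so it can be compared
        // with what was typed into the browser prompt.
        Session["AuthenticatedAs"] = identity.Name;
        Session["AuthenticationType"] = identity.AuthenticationType;

        MapUserADDetails(identity);
    }

    private void MapUserADDetails(WindowsIdentity identity)
    {
        using (HostingEnvironment.Impersonate())
        using (var domain = new PrincipalContext(ContextType.Domain, "test.com"))
        // Look up by SID: unlike a name, it cannot match a different or renamed account.
        using (var usr = UserPrincipal.FindByIdentity(domain, IdentityType.Sid, identity.User.Value))
        {
            if (usr == null || usr.Enabled == false)
                throw new HttpException(403, "Account not found or disabled in the directory.");

            Session["UserDisplayName"] = usr.DisplayName;
        }
    }
}
```

Displaying `AuthenticatedAs` next to `UserDisplayName` shows which account the display name was actually fetched for.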


All replies