Wrong user/password isn't checked against AD

  • Question

  • User-883890505 posted

    Hi All,

    I have created an MVC 5 Application with Windows Authentication,

    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>

    I have the code below to get the user's display name, and I also want to do validation:

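    // Namespaces this fragment needs
    using System;
    using System.DirectoryServices.AccountManagement;
    using System.Security.Principal;
    using System.Web.Hosting;

    // Runs once when a new session starts; Context.User is the principal attached to the request.
    protected void Session_Start(object sender, EventArgs e)
    {
        if (Context.User != null)
        {
            MapUserADDetails(Context.User);
        }
    }

    private void MapUserADDetails(IPrincipal user)
    {
        using (HostingEnvironment.Impersonate())
        using (var domain = new PrincipalContext(ContextType.Domain, "test.com"))
        // Directory lookup by account name only; no password is involved in this call.
        using (var usr = UserPrincipal.FindByIdentity(domain, user.Identity.Name))
        {
            if (usr == null)
            {
                return;
            }

            Session.Add("UserDisplayName", usr.DisplayName);
        }
    }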

     

    Now I have hosted this app on IIS with only Windows authentication enabled. When I browse to it, it prompts for a username and password.

    Question:

    Even if I enter a wrong username/password, or don't fill in anything, it is able to fetch the display name.

    How can I restrict this? The user/password must be validated against AD. Please suggest. Thanks!

    Monday, July 11, 2016 1:22 PM
