8

I am running a webpage that needs to be able to read the login id of the current user. Here is the code I am using:

string id = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

Currently this returns the correct login but when I use it in this method:

protected Boolean isPageOwner()
{
    string id = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    alert("User: " + id);
    if (id.Equals(pageOwnerID))
    {
        return true;
    }
    if (accessPermission.ContainsKey(id))
    {
        return true;
    }
    return false;
}

the method returns false even though the id returned is identical to pageOwnerID. I'm really not sure which part of this I am having a problem with.

On a side note, my login id is of the form string1/string2 but the code retrieves it as string1 + string2 without the slash.

Any advice is appreciated.

Regards.

Improve this question
9
  • What is the exact string for id and pageOwnerID. It sounds like it may be abc/123 and abc123 from your description, which would not work. Commented Jul 19, 2012 at 19:34
  • When I was developing this page on my local machine I was able to detect my logon id in the form "abc/123" with the slash. As soon as I deployed the page on the server the logon id was retrieved without the slash -- so abc123. So I changed pageOwnerID to remove the slash but the test for equality is failing mysteriously. Commented Jul 19, 2012 at 19:37
  • 1
    Why don't you log/output both id and pageOwnerID so you can compare. Obviously they are not the same. Commented Jul 19, 2012 at 19:49
  • Are you sure it's not a backslash, \? Commented Jul 19, 2012 at 19:49
  • 1
    Do not use the WinIdentity, use Request.User Commented Jul 19, 2012 at 19:58

2 Answers 2

Reset to default
11

Try using this to retrieve the username....

if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
{
   string username = System.Web.HttpContext.Current.User.Identity.Name;
}

It sounds like windows authentication is not being used - you need to disable anonymous access and enable windows integrated security.

Add this to your web.config...

<system.web>
 <authentication mode="Windows"/>
  <authorization>
    <deny users="?"/> 
  </authorization>
</system.web>
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

This would work under normal circumstances, but IIS configuration may setup impersonation that will fool ASP.NET into thinking System.Web.HttpContext.Current.User.Identity.Name (or Request.User.Identity.Name) is not the actual logged in user.
It will be empty if IsAuthenticated is false.
Ah, sorry, I meant I had tried string id = System.Web.HttpContext.Current.User.Identity.Name; without the if-clause. Also, this is in my web.config file: <authentication mode="Windows" />
You need to configure IIS to enable integrated security and disable anonymous.
Thanks. I'll pounce on the server admin first thing tomorrow.
1

If you need the current logged in user's identity from within any layer (or Project in your solution) then use:

string userId = Thread.CurrentPrincipal.Identity.GetUserId();

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.