Hello,

I'm trying to implement Windows Authentication into an ASP.NET application. I have a VB.NET class library that has a class for getting user information (which works correctly), but when I'm using that class library in the ASP.NET application, I'm getting the ASPNET account. Here it is more specifically:

In the class library, when I test it with a VB.NET application, the user ID has information of:
DOMAIN\bmains

but when I run this class library in my ASP.NET application, the user ID has information of:
MYCOMPUTER\ASPNET

Also, please not that I don't have anonymous access or basic as my choices for authenication.

How do I get ASP.NET to incorporate login names through windows authentication without resorting to a login screen?

Thanks,

Brian Mains

__________________
Brian

I should also say that the class library and ASP.NET applications are in separate projects, and the ASP.NET project makes a reference to the class library. I don't know if this makes a difference or not.

Thanks,

Brian Mains

If you don't specify Windows authentication for an ASP.net application, I'm not sure if you can easily retrieve the user's Windows username. It sounds like you might be using some reflection to retrieve the data, so remember that the executing code is running under the ASPNET user not the browsing user. But I think there is a way to retrieve that information. You might be able to dig it out of the ServerVariables collection.

Peter
------------------------------------------------------
Work smarter, not harder.

What I don't understand is that I'm accessing the user ID in the class library, which the ASP.NET account accesses this class. I specify the reference to the class library via the project > Add Reference, and select the DLL to include. Is there another way of including the project other than reflection, so that the WindowsIdentity object references the user account instead of ASPNET, or is that the only way?

The problem isn't with the way the class library is referenced/included/executed, it's with the actually method used of obtaining the ID. If you use reflection and you ask for the user id that the code is running under, it's always going to give you the ASPNET ID, because that's the windows user that the code is executing under. You need to utilize whatever resources the asp.net server objects provides (like server variables) to access the data that is passed in from the browser itself when a request is made. There may be some higher level functions available that utilize IE's capabilities to handle a Windows user's information. I think part of what you need to do is deal with settings in IIS.

I went into a local test web on my machine in IIS manager. Went to the "Directory Security" tab. Under "Anonymous access and authentication control" I clicked "Edit...". I unchecked "Anonymous access" and OKed/Applied everything. Then I browsed to a test page (ASP) that spits out server variables and I noticed that the "AUTH_TYPE" and "AUTH_USER" were now populated. "AUTH_TYPE" had "NTLM" and "AUTH_USER" contained my windows login username in the form of "<domain>\<user>"

Looks like this might be what you are looking for.

I'm still a tad confused about the differences between security in IIS (like I just tested) and windows authentication in ASP.net, and all the different settings in IIS, it just gets more and more confusing. So far I have only used forms authentication because usually I'm dealing with users who are not part of a domain so I need to implement my own authentication checks (against some database).

Peter
------------------------------------------------------
Work smarter, not harder.