Capturing Windows Username without popping challenge box in the browser

[Raj Thakkar]

Hi,
I am currenty working on a site for intranet.
I have a user control in the header of every page that will be
displayed only if people with certain username are surfing the site.
These lists of usernames is stored on the server side in a xml based
file

So what I am doing at the moment is inside the user control pageload
method, i get the username of the current person logged in using
HttpContext.Current.User.Identity.Name and if the username is within
the list of 'allowed-access-usernames', I continue loading the
usercontrol else I set its visibility to false
so they can't see it.

It all works fine if I try to access the site from localhost.
The application grabs my windows username and verfies it against the
list, if i am present in the list, I see the control else I don't

The problem comes when I try to access the site from different machine.
As soon as i try to access the page, IE pops up a window asking for
username and password which I don;t want to.
I want to just grab the username of currenty logged in user on the
machine and give it to the server.

Can anyone help me how do i achieve this?

BTW, I am doing this using windows authentication.
In the IIS 5.1, I have
Anonymous Access unchecked
Integrated Windows Authentication checked

In web.config file
I have windows authentication
and
<identity impersonate="true" />


Thanks,
Raj

 

[Joyjit Mukherjee]

Hi,

Do you have any <deny/> element under the authorization tag ? It seems that
you are denying users so that IE pops up the window to enter username /
password.

Let me know your Web.config entry.

Joyjit

 

[aa7im]

Are the users accessing this machine all on the same Windows domain?

 

[Joyjit Mukherjee]

Ok..I got it, thats the default behavior for Internet zone security. If you
want a bypass, in IE, Click Tools -> Internet Options -> Security Tab ->
Internet -> Custom Level -> User Authentication -> Automatic logon with
current username and password. But thats a security breach and shouldn't be
practised.

Joyjit

 

[Patrick Olurotimi Ige]

Since u have impersonated the USER..(thats good)
But i think u should make sure the computer has ASPNET account!Or add
the computer to this acct!
That process needs to run!
Hope it helps..
Patrick
** is the machine on the same DOMAIN?**

 

[Prodip Saha]

Raj,
I think the problem is little different and simple. With Impersonation set
to True, you (impersonated account) must have the read access to the xml
file on the IIS server or whereever your xml file is located. To identify
this behavior you can grant yourself read permission to the folder where the
xml file is located but don't grant permission to others. Now only your
should be able to see the user control. If that's the case, you can grant
folder permission to everyone (if that's does not cause harm).

Note: If you don't impersonate make sure the ASPNET account has read access
to the xml file folder.

Hope this help.
Prodip Saha

 

[Patrick Olurotimi Ige]

Raj,
But is your problem the XML not rendreing to the page or u are being
asked to Authenticate with a LOGIN POPUP....
Because with XML to render u have to put the full path for example
c:\Xmlfiles\Xml\code.xml if u just add code.xml it WON't WORK..unless u
have Anonymous Access..
Patrick

 

[Raj Thakkar]

Thanks alot to everyone for the quick response. I seem to have solved
the problem.

I made a couple of mistakes.

a)
I didn't read the IIS and IE help pages properly.
It clearly stated there that Integrated Windows Authentication wouldnt
work using Proxy Server.

I didn't configure the IE on my Laptop to bypass proxy for intranet. I
was using my laptop to connect to the server. So of course it was going
without by passing the proxy and Integrated Authenication wouldn't work
then.

b)This was really stupid on my part. From my laptop, I wasn't logged in
as the same domain user as the server domain. I was logged in as a user
on the local computer. Really can't believe i overlooked this bit. So
the server kept asking me for username and password because the local
user account cou;dn't be verified under server domain.

I made the necessary changes and it works like a charm.
Thanks everyone again.

Raj

 

[Patrick Olurotimi Ige]

Raj good u solved it!
Enjoy!
Patrick