Capturing Windows Username without popping challenge box in the browser

Discussion in 'ASP .Net' started by Raj Thakkar, Dec 8, 2004.

  1. Raj Thakkar

    Raj Thakkar Guest

    Hi,
    I am currenty working on a site for intranet.
    I have a user control in the header of every page that will be
    displayed only if people with certain username are surfing the site.
    These lists of usernames is stored on the server side in a xml based
    file

    So what I am doing at the moment is inside the user control pageload
    method, i get the username of the current person logged in using
    HttpContext.Current.User.Identity.Name and if the username is within
    the list of 'allowed-access-usernames', I continue loading the
    usercontrol else I set its visibility to false
    so they can't see it.

    It all works fine if I try to access the site from localhost.
    The application grabs my windows username and verfies it against the
    list, if i am present in the list, I see the control else I don't

    The problem comes when I try to access the site from different machine.
    As soon as i try to access the page, IE pops up a window asking for
    username and password which I don;t want to.
    I want to just grab the username of currenty logged in user on the
    machine and give it to the server.

    Can anyone help me how do i achieve this?

    BTW, I am doing this using windows authentication.
    In the IIS 5.1, I have
    Anonymous Access unchecked
    Integrated Windows Authentication checked

    In web.config file
    I have windows authentication
    and
    <identity impersonate="true" />


    Thanks,
    Raj
     
    Raj Thakkar, Dec 8, 2004
    #1
    1. Advertising

  2. Hi,

    Do you have any <deny/> element under the authorization tag ? It seems that
    you are denying users so that IE pops up the window to enter username /
    password.

    Let me know your Web.config entry.

    Joyjit

    "Raj Thakkar" <> wrote in message
    news:...
    > Hi,
    > I am currenty working on a site for intranet.
    > I have a user control in the header of every page that will be
    > displayed only if people with certain username are surfing the site.
    > These lists of usernames is stored on the server side in a xml based
    > file
    >
    > So what I am doing at the moment is inside the user control pageload
    > method, i get the username of the current person logged in using
    > HttpContext.Current.User.Identity.Name and if the username is within
    > the list of 'allowed-access-usernames', I continue loading the
    > usercontrol else I set its visibility to false
    > so they can't see it.
    >
    > It all works fine if I try to access the site from localhost.
    > The application grabs my windows username and verfies it against the
    > list, if i am present in the list, I see the control else I don't
    >
    > The problem comes when I try to access the site from different machine.
    > As soon as i try to access the page, IE pops up a window asking for
    > username and password which I don;t want to.
    > I want to just grab the username of currenty logged in user on the
    > machine and give it to the server.
    >
    > Can anyone help me how do i achieve this?
    >
    > BTW, I am doing this using windows authentication.
    > In the IIS 5.1, I have
    > Anonymous Access unchecked
    > Integrated Windows Authentication checked
    >
    > In web.config file
    > I have windows authentication
    > and
    > <identity impersonate="true" />
    >
    >
    > Thanks,
    > Raj
    >
     
    Joyjit Mukherjee, Dec 8, 2004
    #2
    1. Advertising

  3. Raj Thakkar

    aa7im Guest

    Are the users accessing this machine all on the same Windows domain?
     
    aa7im, Dec 8, 2004
    #3
  4. Ok..I got it, thats the default behavior for Internet zone security. If you
    want a bypass, in IE, Click Tools -> Internet Options -> Security Tab ->
    Internet -> Custom Level -> User Authentication -> Automatic logon with
    current username and password. But thats a security breach and shouldn't be
    practised.

    Joyjit

    "Joyjit Mukherjee" <> wrote in message
    news:%...
    > Hi,
    >
    > Do you have any <deny/> element under the authorization tag ? It seems

    that
    > you are denying users so that IE pops up the window to enter username /
    > password.
    >
    > Let me know your Web.config entry.
    >
    > Joyjit
    >
    > "Raj Thakkar" <> wrote in message
    > news:...
    > > Hi,
    > > I am currenty working on a site for intranet.
    > > I have a user control in the header of every page that will be
    > > displayed only if people with certain username are surfing the site.
    > > These lists of usernames is stored on the server side in a xml based
    > > file
    > >
    > > So what I am doing at the moment is inside the user control pageload
    > > method, i get the username of the current person logged in using
    > > HttpContext.Current.User.Identity.Name and if the username is within
    > > the list of 'allowed-access-usernames', I continue loading the
    > > usercontrol else I set its visibility to false
    > > so they can't see it.
    > >
    > > It all works fine if I try to access the site from localhost.
    > > The application grabs my windows username and verfies it against the
    > > list, if i am present in the list, I see the control else I don't
    > >
    > > The problem comes when I try to access the site from different machine.
    > > As soon as i try to access the page, IE pops up a window asking for
    > > username and password which I don;t want to.
    > > I want to just grab the username of currenty logged in user on the
    > > machine and give it to the server.
    > >
    > > Can anyone help me how do i achieve this?
    > >
    > > BTW, I am doing this using windows authentication.
    > > In the IIS 5.1, I have
    > > Anonymous Access unchecked
    > > Integrated Windows Authentication checked
    > >
    > > In web.config file
    > > I have windows authentication
    > > and
    > > <identity impersonate="true" />
    > >
    > >
    > > Thanks,
    > > Raj
    > >

    >
    >
     
    Joyjit Mukherjee, Dec 8, 2004
    #4
  5. Since u have impersonated the USER..(thats good)
    But i think u should make sure the computer has ASPNET account!Or add
    the computer to this acct!
    That process needs to run!
    Hope it helps..
    Patrick
    ** is the machine on the same DOMAIN?**


    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Patrick Olurotimi Ige, Dec 8, 2004
    #5
  6. Raj Thakkar

    Prodip Saha Guest

    Raj,
    I think the problem is little different and simple. With Impersonation set
    to True, you (impersonated account) must have the read access to the xml
    file on the IIS server or whereever your xml file is located. To identify
    this behavior you can grant yourself read permission to the folder where the
    xml file is located but don't grant permission to others. Now only your
    should be able to see the user control. If that's the case, you can grant
    folder permission to everyone (if that's does not cause harm).

    Note: If you don't impersonate make sure the ASPNET account has read access
    to the xml file folder.

    Hope this help.
    Prodip Saha

    "Raj Thakkar" <> wrote in message
    news:...
    > Hi,
    > I am currenty working on a site for intranet.
    > I have a user control in the header of every page that will be
    > displayed only if people with certain username are surfing the site.
    > These lists of usernames is stored on the server side in a xml based
    > file
    >
    > So what I am doing at the moment is inside the user control pageload
    > method, i get the username of the current person logged in using
    > HttpContext.Current.User.Identity.Name and if the username is within
    > the list of 'allowed-access-usernames', I continue loading the
    > usercontrol else I set its visibility to false
    > so they can't see it.
    >
    > It all works fine if I try to access the site from localhost.
    > The application grabs my windows username and verfies it against the
    > list, if i am present in the list, I see the control else I don't
    >
    > The problem comes when I try to access the site from different machine.
    > As soon as i try to access the page, IE pops up a window asking for
    > username and password which I don;t want to.
    > I want to just grab the username of currenty logged in user on the
    > machine and give it to the server.
    >
    > Can anyone help me how do i achieve this?
    >
    > BTW, I am doing this using windows authentication.
    > In the IIS 5.1, I have
    > Anonymous Access unchecked
    > Integrated Windows Authentication checked
    >
    > In web.config file
    > I have windows authentication
    > and
    > <identity impersonate="true" />
    >
    >
    > Thanks,
    > Raj
    >
     
    Prodip Saha, Dec 8, 2004
    #6
  7. Raj,
    But is your problem the XML not rendreing to the page or u are being
    asked to Authenticate with a LOGIN POPUP....
    Because with XML to render u have to put the full path for example
    c:\Xmlfiles\Xml\code.xml if u just add code.xml it WON't WORK..unless u
    have Anonymous Access..
    Patrick




    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Patrick Olurotimi Ige, Dec 8, 2004
    #7
  8. Raj Thakkar

    Raj Thakkar Guest

    Thanks alot to everyone for the quick response. I seem to have solved
    the problem.

    I made a couple of mistakes.

    a)
    I didn't read the IIS and IE help pages properly.
    It clearly stated there that Integrated Windows Authentication wouldnt
    work using Proxy Server.

    I didn't configure the IE on my Laptop to bypass proxy for intranet. I
    was using my laptop to connect to the server. So of course it was going
    without by passing the proxy and Integrated Authenication wouldn't work
    then.

    b)This was really stupid on my part. From my laptop, I wasn't logged in
    as the same domain user as the server domain. I was logged in as a user
    on the local computer. Really can't believe i overlooked this bit. So
    the server kept asking me for username and password because the local
    user account cou;dn't be verified under server domain.

    I made the necessary changes and it works like a charm.
    Thanks everyone again.

    Raj
     
    Raj Thakkar, Dec 9, 2004
    #8
  9. Raj good u solved it!
    Enjoy!
    Patrick



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Patrick Olurotimi Ige, Dec 9, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. VB Programmer

    Login box popping up!

    VB Programmer, Dec 7, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    508
    VB Programmer
    Dec 8, 2004
  2. Learner
    Replies:
    3
    Views:
    631
  3. Paul Rubin
    Replies:
    18
    Views:
    11,089
    bodoora
    Sep 9, 2006
  4. Geert Vancompernolle

    How to run Python in Windows w/o popping a DOS box?

    Geert Vancompernolle, Jan 1, 2009, in forum: Python
    Replies:
    1
    Views:
    246
    GeertVc
    Jan 1, 2009
  5. Tony Wright

    Switching between http and https popping up a login box

    Tony Wright, May 28, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    123
    Tony Wright
    May 28, 2004
Loading...

Share This Page