windows authentication and mssql server

Discussion in 'ASP .Net Security' started by Tjoep, Apr 20, 2005.

  1. Tjoep

    Tjoep Guest

    Hi,

    I've got this asp project, Authentication mode is set to Windows and the
    identity impersonate is enabled.
    Is there any way to find out what user is logged in? I was thinking about
    something like the User.Identity object. But when i check the User.Identity,
    it is logged-in as an annonymous user (spelling?)

    The main thing I want to do with my project is the following:
    a user opens the page and authenticates with his windows password, then he
    is shown all his projects. That is, the projects he is allowed to see. All
    the data of the projects are stored in an mssql database.We connect to the
    database with a connectionstring that states "Trusted_Connection=true".

    But somehow al the users see every project from the database.
    Any help is appreciated.


    best regards,
    Bart
    Tjoep, Apr 20, 2005
    #1
    1. Advertising

  2. Tjoep

    Paul Clement Guest

    On Wed, 20 Apr 2005 07:09:01 -0700, "Tjoep" <> wrote:

    ¤ Hi,
    ¤
    ¤ I've got this asp project, Authentication mode is set to Windows and the
    ¤ identity impersonate is enabled.
    ¤ Is there any way to find out what user is logged in? I was thinking about
    ¤ something like the User.Identity object. But when i check the User.Identity,
    ¤ it is logged-in as an annonymous user (spelling?)
    ¤
    ¤ The main thing I want to do with my project is the following:
    ¤ a user opens the page and authenticates with his windows password, then he
    ¤ is shown all his projects. That is, the projects he is allowed to see. All
    ¤ the data of the projects are stored in an mssql database.We connect to the
    ¤ database with a connectionstring that states "Trusted_Connection=true".
    ¤
    ¤ But somehow al the users see every project from the database.
    ¤ Any help is appreciated.

    Did you configure the web application (in IIS) for either Basic or Integrated Windows
    authentication?


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Apr 20, 2005
    #2
    1. Advertising

  3. Hello Tjoep,

    grab a copy of ShowContexts.aspx [1] - this exactly shows you under which
    identities your app is running - you know there are three ones in ASP.NET
    you have to deal with -

    Process Identity
    Thread Identity
    Context.User


    [1] http://www.pluralsight.com/toolcontent/show_contexts.zip
    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi,
    >
    > I've got this asp project, Authentication mode is set to Windows and
    > the
    > identity impersonate is enabled.
    > Is there any way to find out what user is logged in? I was thinking
    > about
    > something like the User.Identity object. But when i check the
    > User.Identity,
    > it is logged-in as an annonymous user (spelling?)
    > The main thing I want to do with my project is the following:
    > a user opens the page and authenticates with his windows password,
    > then he
    > is shown all his projects. That is, the projects he is allowed to see.
    > All
    > the data of the projects are stored in an mssql database.We connect to
    > the
    > database with a connectionstring that states
    > "Trusted_Connection=true".
    > But somehow al the users see every project from the database. Any help
    > is appreciated.
    >
    > best regards,
    > Bart
    Dominick Baier [DevelopMentor], Apr 20, 2005
    #3
  4. Tjoep

    swat Guest

    If you have Anonymous enabled in IIS and impersonation enabled in the
    config file, WindowsIdentity.GetCurrent().Name will return
    IUSR_<machinename> and User.Identity.Name will be an empty string.

    What you want is to get both User.Identity.Name and
    WindowsIdentity.GetCurrent().Name returning the currently logged on
    user. To do this, you need to disable Anonymous in IIS (and only enable
    Windows Integrated) and enable impersonation in the config file.

    HTH.
    swat, Apr 20, 2005
    #4
  5. Tjoep

    Tjoep Guest

    Hi all,

    I found my mistake, the anonymous acces was indead enabled.
    Thanks for all your quick responses. seems to me, I can now succesfully read
    the identity.

    Bart
    Tjoep, Apr 21, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. sefe dery
    Replies:
    1
    Views:
    420
    artificer
    Sep 7, 2005
  2. Josh Close
    Replies:
    2
    Views:
    344
    Elbert Lev
    Sep 30, 2004
  3. Josh Close
    Replies:
    5
    Views:
    1,666
    Benji York
    Oct 4, 2004
  4. Peter Lykkegaard
    Replies:
    7
    Views:
    2,532
    Cowboy \(Gregory A. Beamer\)
    Apr 21, 2009
  5. Replies:
    1
    Views:
    171
Loading...

Share This Page