If this is your first visit, be sure to
check out the
FAQ
by clicking the
link above. You may have to
register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
I have been trying to perform security validation in a page using the credentials of the domain users ...
However, when I try to get the value in
Code:
HttpContext.Current.User.Identity.Name
is always returned blank.
PS: When I run the code in the IDE is returned "domain\user" ... but when the page is hosted on a IIS server, the returned value is always blank.
Any help? Thx in advance.
Greetings
by the way... What I want to do is ensure that a page can be accessed only by certain users, using the web.config... something like this
Code:
<location path="default1.aspx">
<system.web>
<authorization>
<allow users ="domain\user2" />
<allow users ="domain\user1" />
<deny users ="*" />
</authorization>
</system.web>
</location>
i used
Code:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
and this code returns the identity of the IIS Aplication Pool (NETWORK SERVICE)... and not the current User.
My IIS is configured allowing Anonymous Access, with Integrated Windows Authentication...
So, the question is: How to validate access to a page using the web.config settings for users who are in a domain?
After some research I finally found an answer that solved my problem. I removed the anonymous access in IIS and in web.config added the following:
Code:
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow users ="krypton\zuperman" />
<deny users ="*" />
</ authorization>
I tested using the following code:
Code:
Imports System.Security
Protected Sub Page_Load (ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
As String Dim authUserName
As String Dim aspUserName
authUserName = User.Identity.Name
aspUserName = Principal.WindowsIdentity.GetCurrent.Name
authUserPrincipalLabel.Text = "You are" & authUserName
aspPrincipalLabel.Text = "This page runs as:" & aspUserName
End Sub
Both labels returns the current user...
When I try to enter a user that is not set to access in the web.config, IIS shows the access denied error ... exactly how it should do.
I hope I have solved my problem, however, like to keep the topic open to see if I can get other opinions...
Looks like you got the answer, that I was just in the process of typing (only just read your last post) and what you have is perfectly valid.
Advertiser Disclosure:
Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
