Exactly as per the title.
Simply in my HomeController I have:
string Username = User.Identity.Name;
Why is this value always blank?
Is there something special I have to place in the web.config to get this value to come through. I've tried on both the VS dev web server as well as on a windows server 2003 IIS server.
It's got to be something simple, a server setting in IIS or something as the code is so simple and seems to be the correct way to reference this value.
Thx a lot
If you are wanting to use windows authentication it's not enough to just add
...
<system.web>
...
<authentication mode="Windows"/>
...
</system.web>
...
You also want to check the readme file instructions for the MVC project, especially if your running in IIS Express and using Visual Studio 2012.
See below:
Hosting on IIS Express:
Click on your project in the Solution Explorer to select the project.
If the Properties pane is not open, open it (F4).
In the Properties pane for your project:
a) Set "Anonymous Authentication" to "Disabled".
b) Set "Windows Authentication" to
"Enabled".
Hosting on IIS 7 or later:
Open IIS Manager and navigate to your website.
In Features View, double-click Authentication.
On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure
Windows authentication is installed on the server.
To enable Windows authentication on Windows:
a) In Control Panel open "Programs and Features".
b) Select "Turn Windows features on or off".
c) Navigate to Internet Information Services > World Wide Web Services > Security
and make sure the Windows authentication node is checked.
To enable Windows authentication on Windows Server:
a) In Server Manager, select Web Server (IIS) and click Add Role Services.
b) Navigate to Web Server > Security
and make sure the Windows authentication node is checked.
In the Actions pane, click Enable to use Windows authentication.
On the Authentication page, select Anonymous authentication.
In the Actions pane, click Disable to disable anonymous authentication.
Sure is mate. You need to authenticate with the website. That's the name used for authentication.
You are authenticating, right?
It's not a setting, etc.
Click the LOG IN link, if you're using the stock standard ASP.NET MVC template (if my memory serves me right).
UPDATE (as the posted has added more info/comments)
So what you're after is Windows Authentication. A quick google search came up with this post. It's pretty helpful (though a bit old, but still relevant) .. check that out.
Found a better post with MVC code for Windows Authentication. Check that out instead.
Config setting that is important, is...
...
<system.web>
...
<authentication mode="Windows"/>
...
</system.web>
...
If you do not wish to Authorize on every controller or action, you can do a blanket authorization in the web.config file. This should work as long as you are using Windows authentication. If you allow ASP.NET to control the authentication, then you would not need to configure any IIS setting. It should then work well with whatever web server that you are running on. I do not know or assume what u have tried so far I'll try to be complete in my answer. First remark off the forms authentication tag in web.config. All following settings are placed in the system.web configuration section.
<!--
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
-->
Replace with the Windows authentication tag.
<authentication mode="Windows" />
Then add the authorization tag to deny access to anonymous users. If the users are using Internet Explorer and are connecting from an Intranet zone, IE automatically will login the user. But if the user is connecting from the Internet zone, IE will still display a login box though for safety. But these are options that can be set from IE.
<authorization>
<deny users="?" />
</authorization>
Setting authentication mode alone without authorization does not force the user to be authenticated in ASP.NET. If you want to control the security from IIS, I cannot help much with IIS settings but I know basically you can disable Basic Authentication , then enable Integrated Windows Authentication and then disable the Anonymous Login Account which will achieve the same or better results.
I am also working on an MVC project at the moment and I tested the above settings with my project and it works. You would not need the Authorize attribute since we have the authorization tag in the configuration. I hope this can be of help to you and not get another -1.
Have you attached Authorize attribute to ur action or controller?
public class HomeController : Controller {
[Authorize]
public ActionResult Index() {
string userName = User.Identity.Name;
return View();
}
}
Related
We want to host ASP.NET MVC 5 project (.NET 4.8 Framework) where users will be automatically authenticated via their Windows login. When the users call the hosted project via the browser, then the browser should not prompt the user to login. The browser should pass the login-data to the server-side controller automatically.
Regarding this article, the Integrated Windows Authentication uses the security features of Windows clients and servers. Unlike Basic or Digest authentication, initially, it does not prompt users for a user name and password.
So the Integrated Windows Authentication seem to be the correct solution for our problem.
The MVC 5 Project has the following entry in the web.config file:
<configuration>
[...]
<system.web>
[...]
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
Here are the authenciation settings in IIS:
The authenticated user data is accessible in the controller by the following code:
public class HomeController : Controller
{
public ActionResult Index()
{
var lWindowsIdentity = Request.LogonUserIdentity;
[...]
}
}
The Problem: When we access the site in the browser via the binding http://192.168.178.41 then we expect, that the user is logged in automatically, but an prompt appears:
How to login in asp.net MVC using windows authentication without prompt?
Have you try the answer from this ticket ASP.NET MVC intranet app with windows authentication, how to get the current domain user automatically? ?
The fix for that guy was to go to authentication menu in iis -> select windows authentication -> click providers in the right pane -> adjust so that only NTLM is in the list of available providers. Negotiate seems to be the culprit for forcing the log-in prompt.
Check if the page is in the intranet zone... if not you might need to add it specifically to the intranet zone using the servername and/or ip address via configuration / internet options / security / local intranet / websites
Disable "Anonymous authentication" and make sure that "NTLM" is above "Negotiate" as a windows authentication provider (right-click in IIS on "Windows Authentication")
And since you disabled the "anonymous authentication" provider, there is no need for the <authorization> section in your web.config. remove it.
Finally test if it works.
I think on development web server that is with in the localhost environment it will skip the prompt but when the application runs through IIS(production) server, it prompts the user with the dialog that is pretty normal behavior. When you initiate a local url(your local ip) it kicks in IIS web server(not local) which checks for windows authentication and issues a prompt.
Please see this
I need my MVC4 app to get the current domain user that is logged on to the machine automatically logged in in my index.cshtml page.
the rest of the application works as intended by using the Authorize attribute the actions i need secured.
I just need to say to the app "get the current machine logged in user , dont secure anything and take the user to the landing page".
web.config:
<authentication mode="Windows" />
like this the user is BLANK on the landing page.
If i try to put just [Authorize] on my index action then it asks for credentials and then continues as i want, without securing anything on the landing page.
Is there any way around this?
UPDATE:
No matter what you do , it seems that there is no way to bypass the login prompt and make the application automatically get the current domain user and log him in the app.
Check this from MSDN
add impersonate="true" along with it
<identity impersonate="true"/>
<authentication mode="Windows" />
Then use
((HttpContext)context).User.Identity as WindowsIdentity
Use Windows Authentication and for ASP.NET and IIS and specify the ASP.NET URL Authorization in the web.config as shown in this answer. Whenever the current user is authorised, the user will be silently logged in.
Tested using IE 11, IIS 8.5, Windows Server 2012 R2.
i just finished fighting with this problem. i should preface that this is with iis 7 running on win 2k8r2. the fix for me was to go to authentication menu in iis -> select windows authentication -> click providers in the right pane -> adjust so that only ntlm is in the list of available providers. negotiate seems to be the culprit for forcing the log-in prompt.
You may also try adding the following to your <appSettings>:
<add key="enableSimpleMembership" value="false" />
I'm trying to enable Windows Authentication to develop locally, as per the title:
Windows 8 (pro)
VS2012
IISExpress
ASP.Net MVC4 project
Orchard CMS is the project (but I don't think this is relevant)
Via the project properties, I've set Windows Authentication to enabled and Anonymous Authentication to disabled.
In the web.config I've set:
<authentication mode="Windows" />
However, when running the site I'm continually prompted for credentials. Entering Windows 8 or local account credentials don't seem to make any difference and I've set those accounts to have full permissions on the folder.
Any suggestions gratefully received!
UPDATE 1:
As suggested by Darin Dimitrov I created a blank MVC project and selected the Intranet template. After setting Anonymous Authorisation to disabled and Windows Authentication enabled this test project worked exactly as expected (prompts for credentials when entered provides access to site). I applied the same authorisation config to my Orchard projects web.config:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
But still no joy, I'm prompted for credentials as expected but nothing I enter seems to authorise the user. I've Pastie'd the two web.configs below in case anyone else can point out what I'm missing?
Orchard Web.Config: http://pastie.org/private/8oe5jesvt0vmqgyn3w
Sample Web.Config: http://pastie.org/private/zgxyue03crzd6fb8umlidq
Make sure you have enabled Windows Authentication in the properties of the Web Server and disabled Anonymous authentication:
Also make sure you have read the Text file that was generated for you when you created your new MVC application using the Intranet Template:
In order to use the Intranet template, you'll need to enable Windows
authentication and disable Anonymous authentication.
IIS 7 & IIS 8
Open IIS Manager and navigate to your website.
In Features View, double-click Authentication.
On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure
Windows authentication is installed on the server.
To enable Windows authentication on Windows:
a) In Control Panel open "Programs and Features".
b) Select "Turn Windows features on or off".
c) Navigate to Internet Information Services > World Wide Web Services > Security
and make sure the Windows authentication node is checked.
To enable Windows authentication on Windows Server:
a) In Server Manager, select Web Server (IIS) and click Add Role Services
b) Navigate to Web Server > Security
and make sure the Windows authentication node is checked.
In the Actions pane, click Enable to use Windows authentication.
On the Authentication page, select Anonymous authentication.
In the Actions pane, click Disable to disable anonymous authentication.
IIS Express
Click on your project in the Solution Explorer to select the project.
If the Properties pane is not open, open it (F4).
In the Properties pane for your project:
a) Set "Anonymous Authentication" to "Disabled".
b) Set "Windows Authentication" to "Enabled".
I have an intranet application using windows authentication that works great. Now I have a requirement to expose an Api area. This area should use basic authentication but to keep things easy I am first just trying to make this area allowed to anonymous.
I am using IIS 7.5 and it is configured like this:
IIS > My Intranet Site > Authentication > Windows Authentication Enabled,
everything else Disabled
in the application root web.config I have
<authentication mode="Windows"></authentication>
All the intranet controllers (except for Api Area) inherit from a BaseController that have an AuthorizeAttribute
I tried adding
<location path="~/Api">
<system.web>
<authentication mode="None" />
</system.web>
</location>
In the web.config for the API area, but no go, still get prompted for credentials.
My application structure looks like this
-IntranetApp
--Controllers
--Areas
----Area1
----Area2
----Api
All should be using Windows Authentication except for Api area.
Thanks for any help/pointers.
I don't know details, but the way I've seen "mixed" authentication done is two web applications. The one with windows authentication enabled will then use the ASP membership API to authenticate the user(and automatically create a username if necessary using information from domain account) and then redirect to the other site. Both site's membership config share the same application ID, keys, etc.
You are probably running into this:
"you cannot achieve this within a single application because in IIS once you set up Windows authentication for a virtual directory it will no longer accept users from different domains."
See this for more information on setting up one version of this:
ASP.NET MVC and mixed mode authentication
I've been building a ASP.NET MVC application and using forms authentication. In my controller action I have:
[Authorize(Users = "me,joe")]
that has been working great. Last night when I published the newest changes and attempt to view my website it started popping up a Windows Authentication dialog box. I've looked at all my code and cannot figure out WHY it would change to Windows authentication. My web.config file has not changed in at least 10 days. If I run the code from my dev box it does not do this...only when it is run from my host. And if I remove the Authorize line from my controller action it does not happen.
How can I fix this or how can I debug my solution to see why this is happening?
BTW, my web.config says:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
This is most likely do to IIS settings for authentication and permissions on the website's folder on the web server. I would check both of those before anything else.
I'm just shooting in the dark, but do you have an <identity> setting in your web.config?
<system.web>
...
<identity impersonate="true"/>
...
</system.web>
If so, it might help to remove this line. It might also help to ask your hosting provider why Windows Authentication is suddenly being applied to your web site. As others have mentioned there are IIS settings which could be causing this behavior.
I think you need to set the permissions for IUSER, IWAM
Using the Windows Explorer browse to the folder you are wanting to grant permissions. Right click on the folder and select "properties". In the resulting dialog click on the "Security" tab near the top. You can then add or edit security for these accounts (IUSR_machineName, IWAM_macnineName, and ASPNET).