about getting current user Identity

Allah Kaa Bandaa

hi all, I have created an aps.net application. In web.config file we have but we are not using authorization tag. also we have . We are also using the anonymousaccess and giving one local user in the fields of anonymous access. It is required for our application. Now my problem is that, i want the name of user who is accessing the application. for example, if a person accesses the application from a remote computer, then i need that the identity of that user is displayed. During current situation, when i use "User.Identity.Name", then on runtime, null is returned from this property. and when i use "System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString()", then on runtime, when i access the application from a remote pc,then the name of user given as anonymous access is display rather than the actual user. Can somebody help me how can i get the actual user name keeping the conditions mentioned in first paragraph as it is.

Anushu

Hi, I think you can user the HttpServariables to solve your problem, for instance "System.Web.HttpContext.Current.Request.ServerVariables("REMOTE_HOST")" - this gives the IP of a remote client machine..there are some 40 (not sure really) or so ServerVariables and you can use them for obtaining the username

Anushu

Hi, its me again.. Check this out might help you "string sLOGGEDINUSER = System.Web.HttpContext.Current.Request.ServerVariables.Get("LOGON_USER");"

Allah Kaa Bandaa

It returned null during run time.... its behaviour is same as that of Page.User.Identity Can you suggest any other... I will be waiting for your response..

minhpc_bk

Hi there, IMO, you cannot get that information when the Anonymous mode is selected at IIS. Basically, when a http request arrives at IIS, IIS will authenticate the caller and pass the security token to the ASP.NET. If the Anonymous access is selected, IIS creates an access account for the anonymous user which by default is IUSR_MACHINE. So if you try to get the Identity.Name in code, then what you will receive is empty. For more information, you can see Building Secure ASP.NET Applications[^]

Allah Kaa Bandaa

Hi, I know that above mention thing.....but I was asking that is there any way that we can access that identity which arrives to IIS. I mean, does IIS store some where the identity that comes to it from external hosts? If it so then how can we retrieve it? If it is not so, then it is obvious that we cannot get it....

minhpc_bk

The answer is sadly no. When the Anonymous access is selected, the browser does not prompt the unauthenticated user for a user name and password, then you have no chance of getting that information either at IIS or in ASP.NET code. For more information, you can read the IIS documentation.