开发者

Windows Authentication succeeds but IsAuthenticated == false

开发者 https://www.devze.com 2023-01-05 07:06 出处:网络
开发者_JAVA百科Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with windows authentication:
开发者_JAVA百科

Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with windows authentication:

  <location path="auth/windows">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>

When I request the page, a normal Windows auth (NTLM/Negotiate) challenge response happens, and ultimately the page is returned.

I have an HttpModule in which I handle the PostAuthorize event. As expected, this event is only raised once the challenge-response authentication has succeeded and access to the page has been authorized.

However, the Request.IsAuthenticated property is false; and HttpContext.Current.User.Identity reflects an unauthenticated user (.Name returns the empty string). Interestingly, Request.ServerVariables["LOGON_USER"] does return the value of the authenticated Windows user.

I'd have thought that once the user was authenticated (and authorized, for that matter), the request would reflect being authenticated; and the User / Identity for the request would have been properly set.

Any thoughts on why this is not the case?

Thanks,

Donnie


It turns out that the native handling of Windows authentication works when you have Forms authentication enabled in Web.config. But the managed part of Windows authentication - associating the authenticated Windows user with an IIdentity-derived object representing that user - only happens if Windows authentication is enabled in Web.config. Looks like I'll have to rely on the Request.ServerVariables["LOGON_USER"] value.


windows Authentication is enabled in IIS and authentication mode set to windows in my web.config file.

 <authentication mode="Windows">     
    </authentication>

My site is asking for credentials and it's working fine. but when check using

HttpContext.User.Identity.Name

is empty string Or HttpContext.User.Identity.IsAuthenticated is false;

I used Request.ServerVariables["LOGON_USER"].Tostring(); to get logged in user credentials.

It worked for me, Thanks for Posting soccerdad.

0

精彩评论

暂无评论...
验证码 换一张
取 消