Asp.net Core Web API - Current user & Windows Authentication

9
votes

We have following technical stack in our application AngularJS2 Asp.Net Core API SQL Server

Now we need to store User Name for the Logged in User in table during Create/Edit for given item i.e. in Core API.

We have tried with

  • WindowsIdentity.GetCurrent().Name, it gives IIS APPPOOL\Asp.netCore
  • HttpContext.User.Identity gives null value

I get User Name with WindowsIdentity while working with Visual Studio, but with IIS, it gives value as Asp.Netcore i.e. pool name

Windows Authentication is enabled and Anonymous Authentication is disabled

Using IIS Version 6.1

Am I missing anything?

3
iisasp.net-corewindows-authentication
I have the same issue but with iis 7.5 in production. On my dev machine i get my ntId, but when i deploy to prod I still get the application pool name. There is no launchSettings.json file when you deploy. Do you have the same issue when deploying to production?freddoo
update - I changed my System.Security.Principal.WindowsIdentity.GetCurrent().Name to User.Identity.Name and now it works. I did not work previously.freddoo

3 Answers

9
votes

Do you have the forwardWindowsAuthToken set to true in the web.config?

<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true"/>
6
votes

I looked around and it was suggested to create Asp.Net Core WebApi application using Windows Authentication.

So when i created Asp.Net Core WebApi using Windows Authentication it worked and i got values in User.Identity objects.

So i created 2 applications i.e. one with Windows Authentication and one without, and then compared all files and found changes in following files

  • forwardWindowsAuthToken - true, this was tried before but issue was not solved and same was suggested by Daboul
  • launchSettings.json, Set windowsAuthentication: true & anonymousAuthentication: false

After doing this, I was able to values in User.Identity object.

The launchSettings.json file:

{
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false
    }
}

The Web.Config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore forwardWindowsAuthToken="true" processPath="C:\Program Files\dotnet\dotnet.exe" arguments=".\YourWebsite.dll" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" />
        <security>
            <authentication>
                <windowsAuthentication enabled="true" />
                <anonymousAuthentication enabled="false" />
            </authentication>
        </security>
  </system.webServer>
</configuration>
2
votes

On Windows Server 2012 R2/IIS 8.0, even after setting forwardWindowsAuthToken=true in web.config, User.Identity.Name was not returning the user name but IIS APPPOOL so to resolve the issue I made below change;

  1. Go to the web application in IIS
  2. Open Configuration Editor
  3. Change Section to system.webServer/serverRuntime
  4. Change authenticatedUserOverride to UseAuthenticatedUser (for me it was set to UseWorkerProcessUser)

For further details refer to below link; https://blogs.iis.net/jaroslad/what-does-the-authenticateduseroverrideuser-do