
Integrated Windows Authentication showing wrong logged-in user

I have an ASP.NET 2.0 application running on IIS 6.0. I am using Integrated Windows Authentication. Some users have two network accounts, a personal account and an administrative account. The problem I am facing is that sometimes when they are logged in on the client side using their personal accounts, the logged-in user appears at the server side as the admin account. I am retrieving the logged-in user's network ID using System.Security.Principal.WindowsIdentity.GetCurrent().Name. I suspect that their admin credentials are being cached somewhere and passed instead.

Marwan asked Jun 23 '11 07:06



2 Answers

For Windows 7, use "Control Panel/Credential Manager" (also available via "Control Panel/User Accounts/Manage Your Credentials"). This lists all cached credentials, and lets you easily delete the ones which are causing problems.

MikeBeaton answered Sep 30 '22 17:09


This is an old issue, and still valid. I just found if you save credentials while using mstsc (Remote Desktop), and try to use Integrated Windows Auth against any site that is CNAMEd to that server, it will use the saved credentials. Those will be the ones you need to delete.

Ryan answered Sep 30 '22 17:09
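
An added example, not part of the original answers: a PowerShell sketch that parses `cmdkey /list` output and reports stored credentials whose target matches the IIS server, including the `TERMSRV/` entries that Remote Desktop saves, as described in both answers above. The function names, host names and sample output are constructed for illustration, and the parser assumes the English `Target:` / `Type:` / `User:` layout.

```powershell
# Added example. Parses the text printed by "cmdkey /list" into objects.
function ConvertFrom-CmdkeyList {
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            if ($null -ne $entry) { [pscustomobject]$entry }   # emit the previous entry
            $entry = [ordered]@{ Target = $Matches[1]; Type = ''; User = '' }
        } elseif ($null -ne $entry -and $line -match '^\s*(Type|User):\s*(.+?)\s*$') {
            $entry[$Matches[1]] = $Matches[2]
        }
    }
    if ($null -ne $entry) { [pscustomobject]$entry }           # emit the last entry
}

# Reports entries whose target host equals a given server name (short name or FQDN).
function Find-CredentialForServer {
    param([object[]]$Entries, [string[]]$ServerNames)
    foreach ($e in $Entries) {
        # "Domain:target=TERMSRV/web01" -> "web01"
        $name = $e.Target -replace '^.*target=', '' -replace '^TERMSRV/', ''
        foreach ($s in $ServerNames) {
            if ($name -eq $s -or $name -like "$s.*" -or $s -like "$name.*") {
                [pscustomobject]@{ Matched = $s; Target = $e.Target; Type = $e.Type; User = $e.User }
                break
            }
        }
    }
}

# Constructed sample of "cmdkey /list" output; not taken from the original page.
$sample = @'
Currently stored credentials:

    Target: Domain:target=TERMSRV/web01
    Type: Domain Password
    User: CORP\jdoe-admin

    Target: LegacyGeneric:target=git:https://git.example
    Type: Generic
    User: jdoe

    Target: Domain:target=fileserver.corp.example
    Type: Domain Password
    User: CORP\jdoe
'@ -split "`r?`n"

# Assumption: web01 is the IIS host; list every alias (CNAME) that users browse to.
# On a live client, replace $sample with the output of: cmdkey /list
$entries = ConvertFrom-CmdkeyList -Lines $sample
Find-CredentialForServer -Entries $entries -ServerNames 'web01', 'intranet' | Format-Table -AutoSize
```

Any entry it reports under the administrative account is a candidate for removal in Credential Manager, as the first answer describes.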