Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

User.Identity.Name blank in ASP.Net MVC

Exactly as per the title.

Simply in my HomeController I have:

string Username = User.Identity.Name;

Why is this value always blank?

Is there something special I have to place in the web.config to get this value to come through. I've tried on both the VS dev web server as well as on a windows server 2003 IIS server.

It's got to be something simple, a server setting in IIS or something as the code is so simple and seems to be the correct way to reference this value.

Thx a lot

like image 650
Aaron Avatar asked Jul 01 '09 06:07

Aaron


3 Answers

If you are wanting to use windows authentication it's not enough to just add

...
 <system.web>
  ...
  <authentication mode="Windows"/>
  ...
 </system.web>
 ...

You also want to check the readme file instructions for the MVC project, especially if your running in IIS Express and using Visual Studio 2012.

See below:

Hosting on IIS Express:

  1. Click on your project in the Solution Explorer to select the project.

  2. If the Properties pane is not open, open it (F4).

  3. In the Properties pane for your project:
    a) Set "Anonymous Authentication" to "Disabled".
    b) Set "Windows Authentication" to "Enabled".

Hosting on IIS 7 or later:

  1. Open IIS Manager and navigate to your website.

  2. In Features View, double-click Authentication.

  3. On the Authentication page, select Windows authentication. If Windows authentication is not an option, you'll need to make sure Windows authentication is installed on the server.

    To enable Windows authentication on Windows:

a) In Control Panel open "Programs and Features". b) Select "Turn Windows features on or off".

c) Navigate to Internet Information Services > World Wide Web Services > Security and make sure the Windows authentication node is checked.

To enable Windows authentication on Windows Server:

a) In Server Manager, select Web Server (IIS) and click Add Role Services.

b) Navigate to Web Server > Security and make sure the Windows authentication node is checked.

  1. In the Actions pane, click Enable to use Windows authentication.

  2. On the Authentication page, select Anonymous authentication.

  3. In the Actions pane, click Disable to disable anonymous authentication.

like image 158
Pricey Avatar answered Oct 16 '22 20:10

Pricey


Sure is mate. You need to authenticate with the website. That's the name used for authentication.

You are authenticating, right?

It's not a setting, etc.

Click the LOG IN link, if you're using the stock standard ASP.NET MVC template (if my memory serves me right).

UPDATE (as the posted has added more info/comments)

So what you're after is Windows Authentication. A quick google search came up with this post. It's pretty helpful (though a bit old, but still relevant) .. check that out.

Found a better post with MVC code for Windows Authentication. Check that out instead.

Config setting that is important, is...

...
 <system.web>
  ...
  <authentication mode="Windows"/>
  ...
 </system.web>
 ...
like image 20
Pure.Krome Avatar answered Oct 16 '22 19:10

Pure.Krome


If you do not wish to Authorize on every controller or action, you can do a blanket authorization in the web.config file. This should work as long as you are using Windows authentication. If you allow ASP.NET to control the authentication, then you would not need to configure any IIS setting. It should then work well with whatever web server that you are running on. I do not know or assume what u have tried so far I'll try to be complete in my answer. First remark off the forms authentication tag in web.config. All following settings are placed in the system.web configuration section.

<!--
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>
-->

Replace with the Windows authentication tag.

<authentication mode="Windows" />

Then add the authorization tag to deny access to anonymous users. If the users are using Internet Explorer and are connecting from an Intranet zone, IE automatically will login the user. But if the user is connecting from the Internet zone, IE will still display a login box though for safety. But these are options that can be set from IE.

<authorization>
    <deny users="?" />
</authorization>

Setting authentication mode alone without authorization does not force the user to be authenticated in ASP.NET. If you want to control the security from IIS, I cannot help much with IIS settings but I know basically you can disable Basic Authentication , then enable Integrated Windows Authentication and then disable the Anonymous Login Account which will achieve the same or better results.

I am also working on an MVC project at the moment and I tested the above settings with my project and it works. You would not need the Authorize attribute since we have the authorization tag in the configuration. I hope this can be of help to you and not get another -1.

like image 8
anonymous Avatar answered Oct 16 '22 20:10

anonymous