Anonymous Access Question

[GoTerps88]

If I have DirectorySecurity turned on to Anonymous Access can I still get the Windows Logon of the user. Right now I am just getting IUSER_Machinename.

 

[jshurst]

I don't think so because the process is running under the anonymous account. What happens if your user doesn't have a windows account?

If you want the user's windows logon then why don't you disable anonymous access?

 

[GoTerps88]

Right, that's what I assumed. I just didn't know if there was some backdoor method of getting the Windows logon anyway.

Are there any security considerations in allowing the requests to fall under the user's window account as opposed to an anonymous account?

 

[Sheco]

If you just disable anonymous for one file IIS will send a 401 Access Denied and IE should automatically repeat the HTTP Request using the user's credentials and then all subsequent HTTP Requests to the same server will be sent with the credentials. Firefox will probably prompt the user.

 

[Sheco]

I wonder if the one file could be a tiny image?

 

[GoTerps88]

I haven't tried that Sheco but I found out that Anonymous Access was disabled on the IIS Server. However they have it configured so it is running under a specific account. In DirectorySecurity, they have check Connect As then entered an account.

If I run this code

WindowsPrincipal wp = (WindowsPrincipal)HttpContext.Current.User;
string strUser = wp.Identity.Name;

I get the connect as user.

If I run the old asp code of getting the windows logon

Request.ServerVariables["LOGON_USER"];

I get my windows logon.

Is there a way to get the windows logon with the WindowsPrincipal or WindowsIdentity with this type of configuration?

Thanks.