Solved

I need to get the user name AUTOMATICALLY from user's logging into an Intranet.

Posted on 2006-06-29
14
1,006 Views
Last Modified: 2012-06-21
I am using ASP.NET VB and trying to get user information when they enter my Intranet.

Since the user is already a valid user on the network, I don't want to prompt the user again to enter their info.  On an older intranet I had written, I simply loaded a VB6 ActiveX control on the user's machine, then I could check whatever I needed to.

With ASP.NET, I was hoping to be able to do something similar.  I can get the Active Directory user's info ON MY DEVELOPMENT machine, but when deployed to the server, this doesn't work.  I need a way to get this info WITHOUT forcing the user to enter anything.  If I turn OFF Anonymous access, the user gets prompted for name and password, I do NOT want this to happen.

Any help will be greatly appreciated.

THANKS
0
Comment
Question by:Bizzuka IT
  • 7
  • 4
  • 2
  • +1
14 Comments
 
LVL 16

Expert Comment

by:OliWarner
ID: 17014419
If you're running things off active directory, this should be really simple just by allowing Windows Authentication on IIS.

If you're using .net 2.0 then you've got the added bonus of being able to use the role management that's built into it.
0
 

Author Comment

by:Bizzuka IT
ID: 17014482
Yes and Yes...

I'm developing with VS 2005. IIS 6, on Windows 2003 server using Active Directory.  NOW WHAT???

Below is my simple function that does what I need ON MY MACHINE...
***************************************************************
Private Sub GetUserInfo()
        Dim strAccountName As String
        '
        'Get User's Login Name
        strAccountName = System.Environment.UserName
        '
        'Get Active Directory Entry for this user's DOMAIN
        Dim Entry As New DirectoryEntry("LDAP://" & System.Environment.UserDomainName)

        Dim mySearcher As DirectorySearcher = New DirectorySearcher(Entry)
        Dim Results As SearchResultCollection
        Dim resEnt As SearchResult
        Dim Key As String
        Dim PropColl As ResultPropertyCollection
        Dim Values As Object
        Dim strFullName As String
        Dim strFirst As String
        Dim strLast As String
        Dim stremail As String
        '
        'Filter search by current user's account name
        mySearcher.Filter = "sAMAccountName=" & strAccountName
        '
        Results = mySearcher.FindAll()
        '
        For Each resEnt In Results
            PropColl = resEnt.Properties
            For Each Key In PropColl.PropertyNames
                'Response.Write("HERE IT IS     -" & Key.ToString & " - ")
                If UCase(Key.ToString) = "NAME" Then strFullName = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "MAIL" Then stremail = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "GIVENNAME" Then strFirst = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "SN" Then strLast = PropColl(Key).Item(0).ToString
            Next
        Next

        Response.Write("<B>Hello - " & strFullName & "</b><BR>")
        Response.Write("   First Name = " & strFirst & "<BR>")
        Response.Write("   Last Name  = " & strLast & "<BR>")
        Response.Write("   email add. = " & stremail & "<BR>")
    End Sub
******************************************************************
What do I need to do from here????

THANKS
0
 

Author Comment

by:Bizzuka IT
ID: 17014487
NOTE:  IIS is currently allowing Anonymous Acces AND is using "Integrated Windows Authentification"

0
 
LVL 5

Expert Comment

by:GENTP
ID: 17017391
If this is a true intranet app, and on an internal server (IE no one else in the world can get to it), the server variable 'auth_user' does the trick. It WILL have the domain in front of it however, so you might have to do a substring starting at the index of a slash (depending on your needs), but that is simple enough.

On a similar app, I have the user go through a login page that grabs their username and compares it to a table in the db, if the user exists, they get redirected to where they want to go. If they don't exist in that table, the login page simply gives a message telling them they are not authorized to view said page.

This is C#, but can easily be converted to VB:

Request.ServerVariables["AUTH_USER"].ToString().Trim();

Give that a try and let me know how you make out.

GenTP
0
 

Author Comment

by:Bizzuka IT
ID: 17017671
GenTP,

I tried the Auth_user earlier on in this process.  It simply returns a blank.  Remember I currently have "allow anonymous access" turned on.  I DO NOT want to force the user to enter their name or userid.

THANKS
0
 
LVL 5

Expert Comment

by:GENTP
ID: 17017992
Yes, allow anonymous access should be on, so that someone would get a graceful error.

Is this on an external server? The only reason I could think of it being blank is if they are hitting it through the net, rather than just being routed directly there internally.
0
 

Author Comment

by:Bizzuka IT
ID: 17018128
I have multiple servers on my network.  This particular machine is my development server.  This server is running IIS with the test site on it.  Active Directory is actually running on a different computer but still withing our Domain.

I have a simple site setup with a couple of pages for testing this.  I've tried telling IE that this site IS an intranet.  I've set settings in IE to LOW for this intranet site for testing.

This is how I am calling the page... http://nettest.bizzuka.net/activedirectory_getuser.aspx

This server is NOT available outside of our network.  Are there some other settings needed trigger the recognition of this site as an Intranet?  
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 5

Accepted Solution

by:
GENTP earned 350 total points
ID: 17018216
I'm not sure, our network admin guy handles that, and it just always works (if you know what I mean).

The next route to look into would be using Windows authentication in your web.config file. Here's the basic overview that I started with: http://aspnet.4guysfromrolla.com/articles/031204-1.aspx

According to the following link, when you use integrated windows authentication in your web.config file, it will ONLY give that msg box when the user has NOT logged into the domain. So a standard network user would have already provided the information it requires.
http://www.iisfaq.com/default.aspx?View=A478&P=139

Hopfully this will at least make some progress.
0
 

Author Comment

by:Bizzuka IT
ID: 17018961
I'm using <authentication mode = "Windows"/>

If I set impersonate=true, System.Environment.UserName returns the IUSR account
If I set impersonate=true, System.Environment.UserName returns the ASPNET account

If I TURN OFF allow anonymous access, I get "The system cannot find the file specified"

Maybe that's a clue to some other setting???  
0
 
LVL 5

Expert Comment

by:GENTP
ID: 17019292
Those are the correct user accounts that pages are run under on a public site, so I'm going to conclude that it is an IIS setting that is having the site visible externally, or something. I'd talk to my network admin, but he has taken the day off (and actually I'm on vacation next week).

You may want to post a pointer topic in the IIS section to see if some of the admins their know whats going on.

Good luck!

Gen
0
 

Author Comment

by:Bizzuka IT
ID: 17019306
THANKS for the INFO....
0
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 17020567
I'm not an ASP guy, more of a ColdFusion guy --- for what it's worth, when IIS is configured to use Anonymous or Integrated Windows Authentication, it will allow the anonymous access and forget about the Windows Authentication, so long as the anonymous user account has access to what it's doing.  This has been true of anything I've ever written or scripted against IIS.

If your users are using Internet Explorer, and the site is setup on the Intranet (and seen that way within IE), then using Integrated Windows Authentication on the server with "Automatic Logon Only in Intranet Zone" setup in Internet Explorer will cause the user to login automatically (no prompt).  Can't do this with Firefox, Netscape, etc. however.  I'd try testing turning off anonymous access (for testing) and see if AUTH_USER gets passed.  

You can dump your CGI variables to see that if Anonymous is turned off, the username gets passed, and if it's on, it doesn't.  
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 150 total points
ID: 17020580
BizzukaInc : For IE to recongize a site on your domain as being on the Intranet, you need to go to Tools -> Internet Options -> Security -> Local Intranet -> Sites and configure it in there.  To force it right in there, just hti advanced and add the following:

*.bizzuka.net

Make sure that requring HTTPS is off.  If putting everything in your domain is a risk, you can obviously also just put your server in there.  This list can be controlled via group policy, registry key push, and other methods if you need your clients updated.
0
 

Author Comment

by:Bizzuka IT
ID: 17020675
Got it...

I'm still NOT possitive WHAT is wrong with my older development machine, BUT I was NOT able to get this working on it. Luckily I was in the process of setting up a new development server.  I setup the simple scenario on this server, and all is well.

I did add a REVERSE entry for this test in DNS.
I did turn OFF anonymous access and turned ON "Digest authenticatino for Windows domain servers"
I set the proper Intranet settings in IE.

My page now gets the desired user info with NO prompting.

THANKS for all the help...
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Why do we like using grid based layouts in website design? Let's look at the live examples of websites and compare them to grid based WordPress themes.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now