Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


I need to get the user name AUTOMATICALLY from user's logging into an Intranet.

Posted on 2006-06-29
Medium Priority
Last Modified: 2012-06-21
I am using ASP.NET VB and trying to get user information when they enter my Intranet.

Since the user is already a valid user on the network, I don't want to prompt the user again to enter their info.  On an older intranet I had written, I simply loaded a VB6 ActiveX control on the user's machine, then I could check whatever I needed to.

With ASP.NET, I was hoping to be able to do something similar.  I can get the Active Directory user's info ON MY DEVELOPMENT machine, but when deployed to the server, this doesn't work.  I need a way to get this info WITHOUT forcing the user to enter anything.  If I turn OFF Anonymous access, the user gets prompted for name and password, I do NOT want this to happen.

Any help will be greatly appreciated.

Question by:Bizzuka IT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
  • +1
LVL 16

Expert Comment

ID: 17014419
If you're running things off active directory, this should be really simple just by allowing Windows Authentication on IIS.

If you're using .net 2.0 then you've got the added bonus of being able to use the role management that's built into it.

Author Comment

by:Bizzuka IT
ID: 17014482
Yes and Yes...

I'm developing with VS 2005. IIS 6, on Windows 2003 server using Active Directory.  NOW WHAT???

Below is my simple function that does what I need ON MY MACHINE...
Private Sub GetUserInfo()
        Dim strAccountName As String
        'Get User's Login Name
        strAccountName = System.Environment.UserName
        'Get Active Directory Entry for this user's DOMAIN
        Dim Entry As New DirectoryEntry("LDAP://" & System.Environment.UserDomainName)

        Dim mySearcher As DirectorySearcher = New DirectorySearcher(Entry)
        Dim Results As SearchResultCollection
        Dim resEnt As SearchResult
        Dim Key As String
        Dim PropColl As ResultPropertyCollection
        Dim Values As Object
        Dim strFullName As String
        Dim strFirst As String
        Dim strLast As String
        Dim stremail As String
        'Filter search by current user's account name
        mySearcher.Filter = "sAMAccountName=" & strAccountName
        Results = mySearcher.FindAll()
        For Each resEnt In Results
            PropColl = resEnt.Properties
            For Each Key In PropColl.PropertyNames
                'Response.Write("HERE IT IS     -" & Key.ToString & " - ")
                If UCase(Key.ToString) = "NAME" Then strFullName = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "MAIL" Then stremail = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "GIVENNAME" Then strFirst = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "SN" Then strLast = PropColl(Key).Item(0).ToString

        Response.Write("<B>Hello - " & strFullName & "</b><BR>")
        Response.Write("   First Name = " & strFirst & "<BR>")
        Response.Write("   Last Name  = " & strLast & "<BR>")
        Response.Write("   email add. = " & stremail & "<BR>")
    End Sub
What do I need to do from here????


Author Comment

by:Bizzuka IT
ID: 17014487
NOTE:  IIS is currently allowing Anonymous Acces AND is using "Integrated Windows Authentification"

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Expert Comment

ID: 17017391
If this is a true intranet app, and on an internal server (IE no one else in the world can get to it), the server variable 'auth_user' does the trick. It WILL have the domain in front of it however, so you might have to do a substring starting at the index of a slash (depending on your needs), but that is simple enough.

On a similar app, I have the user go through a login page that grabs their username and compares it to a table in the db, if the user exists, they get redirected to where they want to go. If they don't exist in that table, the login page simply gives a message telling them they are not authorized to view said page.

This is C#, but can easily be converted to VB:


Give that a try and let me know how you make out.


Author Comment

by:Bizzuka IT
ID: 17017671

I tried the Auth_user earlier on in this process.  It simply returns a blank.  Remember I currently have "allow anonymous access" turned on.  I DO NOT want to force the user to enter their name or userid.


Expert Comment

ID: 17017992
Yes, allow anonymous access should be on, so that someone would get a graceful error.

Is this on an external server? The only reason I could think of it being blank is if they are hitting it through the net, rather than just being routed directly there internally.

Author Comment

by:Bizzuka IT
ID: 17018128
I have multiple servers on my network.  This particular machine is my development server.  This server is running IIS with the test site on it.  Active Directory is actually running on a different computer but still withing our Domain.

I have a simple site setup with a couple of pages for testing this.  I've tried telling IE that this site IS an intranet.  I've set settings in IE to LOW for this intranet site for testing.

This is how I am calling the page...

This server is NOT available outside of our network.  Are there some other settings needed trigger the recognition of this site as an Intranet?  

Accepted Solution

GENTP earned 1400 total points
ID: 17018216
I'm not sure, our network admin guy handles that, and it just always works (if you know what I mean).

The next route to look into would be using Windows authentication in your web.config file. Here's the basic overview that I started with:

According to the following link, when you use integrated windows authentication in your web.config file, it will ONLY give that msg box when the user has NOT logged into the domain. So a standard network user would have already provided the information it requires.

Hopfully this will at least make some progress.

Author Comment

by:Bizzuka IT
ID: 17018961
I'm using <authentication mode = "Windows"/>

If I set impersonate=true, System.Environment.UserName returns the IUSR account
If I set impersonate=true, System.Environment.UserName returns the ASPNET account

If I TURN OFF allow anonymous access, I get "The system cannot find the file specified"

Maybe that's a clue to some other setting???  

Expert Comment

ID: 17019292
Those are the correct user accounts that pages are run under on a public site, so I'm going to conclude that it is an IIS setting that is having the site visible externally, or something. I'd talk to my network admin, but he has taken the day off (and actually I'm on vacation next week).

You may want to post a pointer topic in the IIS section to see if some of the admins their know whats going on.

Good luck!


Author Comment

by:Bizzuka IT
ID: 17019306
THANKS for the INFO....
LVL 13

Expert Comment

ID: 17020567
I'm not an ASP guy, more of a ColdFusion guy --- for what it's worth, when IIS is configured to use Anonymous or Integrated Windows Authentication, it will allow the anonymous access and forget about the Windows Authentication, so long as the anonymous user account has access to what it's doing.  This has been true of anything I've ever written or scripted against IIS.

If your users are using Internet Explorer, and the site is setup on the Intranet (and seen that way within IE), then using Integrated Windows Authentication on the server with "Automatic Logon Only in Intranet Zone" setup in Internet Explorer will cause the user to login automatically (no prompt).  Can't do this with Firefox, Netscape, etc. however.  I'd try testing turning off anonymous access (for testing) and see if AUTH_USER gets passed.  

You can dump your CGI variables to see that if Anonymous is turned off, the username gets passed, and if it's on, it doesn't.  
LVL 13

Assisted Solution

usachrisk1983 earned 600 total points
ID: 17020580
BizzukaInc : For IE to recongize a site on your domain as being on the Intranet, you need to go to Tools -> Internet Options -> Security -> Local Intranet -> Sites and configure it in there.  To force it right in there, just hti advanced and add the following:


Make sure that requring HTTPS is off.  If putting everything in your domain is a risk, you can obviously also just put your server in there.  This list can be controlled via group policy, registry key push, and other methods if you need your clients updated.

Author Comment

by:Bizzuka IT
ID: 17020675
Got it...

I'm still NOT possitive WHAT is wrong with my older development machine, BUT I was NOT able to get this working on it. Luckily I was in the process of setting up a new development server.  I setup the simple scenario on this server, and all is well.

I did add a REVERSE entry for this test in DNS.
I did turn OFF anonymous access and turned ON "Digest authenticatino for Windows domain servers"
I set the proper Intranet settings in IE.

My page now gets the desired user info with NO prompting.

THANKS for all the help...

Featured Post

How to Create Failover DNS Record Sets in Route 53

Route 53 has the ability to easily configure DNS record sets specifically for failover scenarios. These failover record sets can be configured to failover to full-blown deployments in other regions or to a static HTML page that informs your customers of the issue.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Ready to get certified? Check out some courses that help you prepare for third-party exams.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question