Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1017
  • Last Modified:

I need to get the user name AUTOMATICALLY from user's logging into an Intranet.

I am using ASP.NET VB and trying to get user information when they enter my Intranet.

Since the user is already a valid user on the network, I don't want to prompt the user again to enter their info.  On an older intranet I had written, I simply loaded a VB6 ActiveX control on the user's machine, then I could check whatever I needed to.

With ASP.NET, I was hoping to be able to do something similar.  I can get the Active Directory user's info ON MY DEVELOPMENT machine, but when deployed to the server, this doesn't work.  I need a way to get this info WITHOUT forcing the user to enter anything.  If I turn OFF Anonymous access, the user gets prompted for name and password, I do NOT want this to happen.

Any help will be greatly appreciated.

THANKS
0
Bizzuka IT
Asked:
Bizzuka IT
  • 7
  • 4
  • 2
  • +1
2 Solutions
 
OliWarnerCommented:
If you're running things off active directory, this should be really simple just by allowing Windows Authentication on IIS.

If you're using .net 2.0 then you've got the added bonus of being able to use the role management that's built into it.
0
 
Bizzuka ITAuthor Commented:
Yes and Yes...

I'm developing with VS 2005. IIS 6, on Windows 2003 server using Active Directory.  NOW WHAT???

Below is my simple function that does what I need ON MY MACHINE...
***************************************************************
Private Sub GetUserInfo()
        Dim strAccountName As String
        '
        'Get User's Login Name
        strAccountName = System.Environment.UserName
        '
        'Get Active Directory Entry for this user's DOMAIN
        Dim Entry As New DirectoryEntry("LDAP://" & System.Environment.UserDomainName)

        Dim mySearcher As DirectorySearcher = New DirectorySearcher(Entry)
        Dim Results As SearchResultCollection
        Dim resEnt As SearchResult
        Dim Key As String
        Dim PropColl As ResultPropertyCollection
        Dim Values As Object
        Dim strFullName As String
        Dim strFirst As String
        Dim strLast As String
        Dim stremail As String
        '
        'Filter search by current user's account name
        mySearcher.Filter = "sAMAccountName=" & strAccountName
        '
        Results = mySearcher.FindAll()
        '
        For Each resEnt In Results
            PropColl = resEnt.Properties
            For Each Key In PropColl.PropertyNames
                'Response.Write("HERE IT IS     -" & Key.ToString & " - ")
                If UCase(Key.ToString) = "NAME" Then strFullName = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "MAIL" Then stremail = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "GIVENNAME" Then strFirst = PropColl(Key).Item(0).ToString
                If UCase(Key.ToString) = "SN" Then strLast = PropColl(Key).Item(0).ToString
            Next
        Next

        Response.Write("<B>Hello - " & strFullName & "</b><BR>")
        Response.Write("   First Name = " & strFirst & "<BR>")
        Response.Write("   Last Name  = " & strLast & "<BR>")
        Response.Write("   email add. = " & stremail & "<BR>")
    End Sub
******************************************************************
What do I need to do from here????

THANKS
0
 
Bizzuka ITAuthor Commented:
NOTE:  IIS is currently allowing Anonymous Acces AND is using "Integrated Windows Authentification"

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
GENTPCommented:
If this is a true intranet app, and on an internal server (IE no one else in the world can get to it), the server variable 'auth_user' does the trick. It WILL have the domain in front of it however, so you might have to do a substring starting at the index of a slash (depending on your needs), but that is simple enough.

On a similar app, I have the user go through a login page that grabs their username and compares it to a table in the db, if the user exists, they get redirected to where they want to go. If they don't exist in that table, the login page simply gives a message telling them they are not authorized to view said page.

This is C#, but can easily be converted to VB:

Request.ServerVariables["AUTH_USER"].ToString().Trim();

Give that a try and let me know how you make out.

GenTP
0
 
Bizzuka ITAuthor Commented:
GenTP,

I tried the Auth_user earlier on in this process.  It simply returns a blank.  Remember I currently have "allow anonymous access" turned on.  I DO NOT want to force the user to enter their name or userid.

THANKS
0
 
GENTPCommented:
Yes, allow anonymous access should be on, so that someone would get a graceful error.

Is this on an external server? The only reason I could think of it being blank is if they are hitting it through the net, rather than just being routed directly there internally.
0
 
Bizzuka ITAuthor Commented:
I have multiple servers on my network.  This particular machine is my development server.  This server is running IIS with the test site on it.  Active Directory is actually running on a different computer but still withing our Domain.

I have a simple site setup with a couple of pages for testing this.  I've tried telling IE that this site IS an intranet.  I've set settings in IE to LOW for this intranet site for testing.

This is how I am calling the page... http://nettest.bizzuka.net/activedirectory_getuser.aspx

This server is NOT available outside of our network.  Are there some other settings needed trigger the recognition of this site as an Intranet?  
0
 
GENTPCommented:
I'm not sure, our network admin guy handles that, and it just always works (if you know what I mean).

The next route to look into would be using Windows authentication in your web.config file. Here's the basic overview that I started with: http://aspnet.4guysfromrolla.com/articles/031204-1.aspx

According to the following link, when you use integrated windows authentication in your web.config file, it will ONLY give that msg box when the user has NOT logged into the domain. So a standard network user would have already provided the information it requires.
http://www.iisfaq.com/default.aspx?View=A478&P=139

Hopfully this will at least make some progress.
0
 
Bizzuka ITAuthor Commented:
I'm using <authentication mode = "Windows"/>

If I set impersonate=true, System.Environment.UserName returns the IUSR account
If I set impersonate=true, System.Environment.UserName returns the ASPNET account

If I TURN OFF allow anonymous access, I get "The system cannot find the file specified"

Maybe that's a clue to some other setting???  
0
 
GENTPCommented:
Those are the correct user accounts that pages are run under on a public site, so I'm going to conclude that it is an IIS setting that is having the site visible externally, or something. I'd talk to my network admin, but he has taken the day off (and actually I'm on vacation next week).

You may want to post a pointer topic in the IIS section to see if some of the admins their know whats going on.

Good luck!

Gen
0
 
Bizzuka ITAuthor Commented:
THANKS for the INFO....
0
 
usachrisk1983Commented:
I'm not an ASP guy, more of a ColdFusion guy --- for what it's worth, when IIS is configured to use Anonymous or Integrated Windows Authentication, it will allow the anonymous access and forget about the Windows Authentication, so long as the anonymous user account has access to what it's doing.  This has been true of anything I've ever written or scripted against IIS.

If your users are using Internet Explorer, and the site is setup on the Intranet (and seen that way within IE), then using Integrated Windows Authentication on the server with "Automatic Logon Only in Intranet Zone" setup in Internet Explorer will cause the user to login automatically (no prompt).  Can't do this with Firefox, Netscape, etc. however.  I'd try testing turning off anonymous access (for testing) and see if AUTH_USER gets passed.  

You can dump your CGI variables to see that if Anonymous is turned off, the username gets passed, and if it's on, it doesn't.  
0
 
usachrisk1983Commented:
BizzukaInc : For IE to recongize a site on your domain as being on the Intranet, you need to go to Tools -> Internet Options -> Security -> Local Intranet -> Sites and configure it in there.  To force it right in there, just hti advanced and add the following:

*.bizzuka.net

Make sure that requring HTTPS is off.  If putting everything in your domain is a risk, you can obviously also just put your server in there.  This list can be controlled via group policy, registry key push, and other methods if you need your clients updated.
0
 
Bizzuka ITAuthor Commented:
Got it...

I'm still NOT possitive WHAT is wrong with my older development machine, BUT I was NOT able to get this working on it. Luckily I was in the process of setting up a new development server.  I setup the simple scenario on this server, and all is well.

I did add a REVERSE entry for this test in DNS.
I did turn OFF anonymous access and turned ON "Digest authenticatino for Windows domain servers"
I set the proper Intranet settings in IE.

My page now gets the desired user info with NO prompting.

THANKS for all the help...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 7
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now