ASP .NET/IIS6 NT User Impersonation problems..

Hi guys,

I've never really done this type of project before, but basically I want to have a site on our company's intranet website that will automatically utilize the visitor's NT domain credentials when they visit the page.

Now this little code snippet, if it works I should be golden:

currentWindowsIdentity = CType(User.Identity, System.Security.Principal.WindowsIdentity) impersonationContext = currentWindowsIdentity.Impersonate() strUser = currentWindowsIdentity.Name.ToString.Substring(currentWindowsIdentity.Name.ToString.IndexOf("\") + 1) Response.Write("You are validated on this page as: <B>" & strUser & "</B><BR>")

This works great when debugging through the ASP .NET Development Server on my work machine. It'll report my username and everything's good. However, when I move to production, it fails. Here's the error:

System.InvalidOperationException: An anonymous identity cannot perform an impersonation. at System.Security.Principal.WindowsIdentity.Impersonate(StackCrawlMark& stackMark) at System.Security.Principal.WindowsIdentity.Impersonate() at CCIWSignIn._Default.Page_Load(Object sender, EventArgs e)

Now, I'm thinking this might have something to do with the way IIS works through the anonymous IUSR_servername account? So I disabled anonymous access for that page in IIS, and enabled "Integrated Windows Authentication", which just prompts me for a username and password that is doesn't seem to want to accept in the DOMAIN/Username fashion. So I've unchecked that and tried "Digest authentication for Windows domain servers". This prompts me for authentication, which I provide, and the code above works, but is there a way to just use my already entered login credentials and not get prompted for them by the site?

Any insight would be appreciated...
Tabris42Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

samtran0331Commented:
>>seem to want to accept in the DOMAIN/Username fashion

I'm not sure if that is a typo in your post or that's what you actually tried, but just to make sure... it should be a backslash and not a forward slash...

DOMAIN\Username
0
Tabris42Author Commented:
Yes, that was just a typo...
0
Tabris42Author Commented:
I have found a workaround that works rather well... probably terrible for security though. This is to set "Basic authentication" for the folder in IIS. It still prompts for the username and password, however, so advice on how to avoid that and use the NT credentials already provided would be appreciated.
0
AnthonyP9618Commented:
Did you ensure that your user account actually has NTFS permissions to the files on the Web server?  It's probably trying to use Integrated, but failing because your account doesn't have the proper permissions.  Can you check the Security Event Logs of the web server and review failed audit events for your user account?

You can always SSL enable the site and use Basic... at least that would encrypt the credentials :)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tabris42Author Commented:
Good idea about the SSL. I've configured it for that and am still using the basic authentication... fiddled with the NTFS permissions but still get prompted every time.

If I can't get away with letting the user login automatically... is there at least a way I can make the User field fill out with their domain\username? Then they just need to enter their password?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.