ASP .NET/IIS6 NT User Impersonation problems..
Posted on 2008-10-23
I've never really done this type of project before, but basically I want to have a site on our company's intranet website that will automatically utilize the visitor's NT domain credentials when they visit the page.
Now this little code snippet, if it works I should be golden:
currentWindowsIdentity = CType(User.Identity, System.Security.Principal.WindowsIdentity) impersonationContext = currentWindowsIdentity.Impersonate() strUser = currentWindowsIdentity.Name.ToString.Substring(currentWindowsIdentity.Name.ToString.IndexOf("\") + 1) Response.Write("You are validated on this page as: <B>" & strUser & "</B><BR>")
This works great when debugging through the ASP .NET Development Server on my work machine. It'll report my username and everything's good. However, when I move to production, it fails. Here's the error:
System.InvalidOperationException: An anonymous identity cannot perform an impersonation. at System.Security.Principal.WindowsIdentity.Impersonate(StackCrawlMark& stackMark) at System.Security.Principal.WindowsIdentity.Impersonate() at CCIWSignIn._Default.Page_Load(Object sender, EventArgs e)
Now, I'm thinking this might have something to do with the way IIS works through the anonymous IUSR_servername account? So I disabled anonymous access for that page in IIS, and enabled "Integrated Windows Authentication", which just prompts me for a username and password that is doesn't seem to want to accept in the DOMAIN/Username fashion. So I've unchecked that and tried "Digest authentication for Windows domain servers". This prompts me for authentication, which I provide, and the code above works, but is there a way to just use my already entered login credentials and not get prompted for them by the site?
Any insight would be appreciated...