windows authentication

[alanchinese]

hi, the asp.net server uses active directory for authentication. in iis, the anonymous access is unchecked and windows authentication is check. however, page.user.identity.name returns empty string. what is the cause?

the following code
<code>
Response.Write( "Page.User Identity: [" + Page.User.Identity.Name + "]<br>" );
Response.Write( "Window.Current Identity: [" + System.Security.Principal.WindowsIdentity.GetCurrent().Name + "]<br>" );
Response.Write( "Thread.Current Identity: [" + System.Threading.Thread.CurrentPrincipal.Identity.Name + "]<br>" );
</code>
derives these results:
Page.User Identity: []
Window.Current Identity: [NT AUTHORITY\NETWORK SERVICE]
Thread.Current Identity: []

 

[PlausiblyDamp]

Have you set any authorisation rules for the web site under the web.config? If not asp.net will allow any user in regardless of the iis settings.

Under the web.config there are two relevant sections - Authorisation and Authentication, as a minimum try setting them to
[highlight=xml]
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
[/highlight]

these instruct asp.net to use windows authentication and the deny users="?" prevents anonymous access.