Windows Identity
DG@WLP
#1 Posted : Thursday, March 1, 2012 10:27:51 PM(UTC)
Groups: Member
Joined: 3/1/2012(UTC)
Posts: 7
Location: Virginia

I have read the various posts and information about the most awesome UltiDev Web Server Pro (actually using it). Am I under the wrong assumption with regards to acquiring the identity of a user accessing my intRAnet application where I thought with v14 (now v15) that I would be able to acquire such with any of the following?

string userID = HttpContext.Current.User.Identity.Name;
string userID = ((WindowsIdentity)User.Identity).Name;
string userID = Request.ServerVariables["LOGON_USER"];

I would like to be able to get the network user ID (or whatever you would prefer to call it) to not only automatically authenticate and allow access; but, to load user information to use in the web application such as user name, security level, manager, etc.

Is there a trick that I am missing?

I have <authentication mode="Windows"/> set in the web.config file and I have tried various things to no avail.

Your help would be greatly appreciated!

BTW: My application does acquire my own userID ONLY when launching/debugging via Visual Studio (2008).

Thanks.
Ultidev Team
#2 Posted : Thursday, March 1, 2012 11:15:46 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi there!

Thank you very much for positive feedback! It's great to know that our little web server makes someone's life easier.

Getting user identity via this.Request.LogonUserIdentity is definitely possible. Please try turning off Anonymous authentication and turn on Windows Negotiate and NTLM on this screen. You may need to set <identity impersonate="true"/> in web.config too. The client browser may pop up a credentials page though, depending on whether it's a domain, and whether server and client machines are in the same domain.

Please let us know if this information was helpful.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Guest
#3 Posted : Thursday, November 1, 2012 10:53:26 AM(UTC)
Groups:
Joined: 11/1/2005(UTC)
Posts: 278

I recently upgraded to UWS along with going to Visual Studio 2010 and the windows authentication did not catch again using HttpContext.Current.User.Identity.Name for some unknown reason (authentication in web.config is set to windows). I don't remember seeing your response back then; but, I changed the code to use this.Request.LogonUserIdentity.Name and I was back in business.

So thank you for your response (8 months belated) and keep up the great work on UWS!!!
Ultidev Team
#4 Posted : Thursday, November 1, 2012 11:29:01 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Not a problem!

We are always happy to help, and thank you very much for the positive feedback!

Best regards,
UltiDev Team.
DG@WLP
#5 Posted : Tuesday, April 23, 2013 1:28:57 PM(UTC)
Groups: Member
Joined: 3/1/2012(UTC)
Posts: 7
Location: Virginia

If this needs to be in a different thread, please move it. Thanks.

There is a new authentication issue that I am unable to resolve with regards to authentication from ASP.NET on UWS Pro to SQL Server (Windows Authentication). On the machine hosting UWS with Visual Studio 2010, my ASP.NET application (.NET 4.0, C#) works both inside and outside of Visual Studio. However, when connecting to the application from a remote machine (same domain), I get an error from SQL Server: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

NOTE: The app pool in UWS is set to Windows (Integrated) only and the app is set to Windows (authentication) with Impersonation (true).

Is there something different with UWS than IIS that is causing UWS to recognize the actual Windows account; but, not being able to pass it through to SQL Server if not on the same machine as UWS and the app? I really need to figure this out as I need to port local databases to other servers where our company requires Windows Authentication to access SQL Server and I do not have access to IIS (at this time).

Thanks!



From the same computer as UWS and app: No problems!

From a computer other than the preceding, but on the same network: ResourceUtilization.LogIn.Page_LoadComplete[LoadUserData](): ResourceUtilization.UserInfo.LoadUserData(MYUSERID): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Ultidev Team
#6 Posted : Tuesday, April 23, 2013 3:09:45 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi!

We would like to get clarification on a couple of points, please.

- Is it correct that the problem manifests only if the browser runs on a computer other than the UWS server? Meaning that when the browser is running on the server there is no issue, and UWS impersonates the user successfully and communicates with SQL Server without an issue?

- Are you logging in with an AD domain- or a computer-based user account? If using domain user account, are both server and client computers members of the AD domain?

Best regards,
UltiDev Team.
DG@WLP
#7 Posted : Tuesday, April 23, 2013 3:23:40 PM(UTC)
Groups: Member
Joined: 3/1/2012(UTC)
Posts: 7
Location: Virginia

Thank you for the very quick response!!!! :-)

As to the clarifications...

This only happens when I try to run the web (intranet) app when on a client computer rather than the UWS server. On the server, no problems with the app or SQL Server. On the client, a problem with SQL Server but no problem with the app.

Also, I log in with an Active Directory (AD) domain user account and both the server and client are members of said domain.
Ultidev Team
#8 Posted : Tuesday, April 23, 2013 4:21:09 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi!

We are sorry, we are still not quite clear on the topology of successful vs failing setups: do you mean that when SQL Server and UWS are running on the same box everything is alright, and when they are on different boxes it fails? Since "client" and "server" definitions can be very overloaded and subjective, could you please outline the setups in terms of the computers involved when the app works and when it fails?

Best regards,
UltiDev Team.
DG@WLP
#9 Posted : Tuesday, April 23, 2013 4:29:47 PM(UTC)
Groups: Member
Joined: 3/1/2012(UTC)
Posts: 7
Location: Virginia

UWS and application are on machine A
SQL Server is on machine B
Client is machine C

When the application is run from machine A, both the application and SQL Server have no problem with authentication
When the application is run from machine C, SQL Server has a problem with the authentication where the application has no problem

Of course, the application fails when run from machine C because SQL Server is the back end (not for the session, but for the data that is used in the application).

Hope this is clearer for you.

Thanks.
Ultidev Team
#10 Posted : Thursday, April 25, 2013 8:40:15 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi,

We are sorry it is taking us a little longer. We are trying to reproduce this problem on our QA VMs, and delay is related to setting up SQL Server and demo app. We'll try to have an answer for you by Monday.

Best regards,
UltiDev Team.
DG@WLP
#11 Posted : Thursday, April 25, 2013 8:44:25 AM(UTC)
Groups: Member
Joined: 3/1/2012(UTC)
Posts: 7
Location: Virginia

Thank you very much!
Ultidev Team
#12 Posted : Sunday, April 28, 2013 3:12:31 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi,

We have created a simple demo ASP.NET app that displays Customers table from the NWIND database. Both the app and database are attached. We'll update this post shortly with the results.

Update 1: We were able to reproduce the problem. When both the database and UWS+application are on the same machine, there is no problem. When SQL Server and UWS+application are on different machines, we get the same error. We are looking into it.

Update 2: Running the app under IIS 6 and getting the same error, when SQL runs on one box, and IIS+application on another. It appears this problem is not UWS-specific, and is known as a double-hop authorization problem. Please refer to http://stackoverflow.com/questions/10957443 for the background information and the solution.

Best regards,
UltiDev Team.
File Attachment(s):
IntegratedAuthWithNWindTest.zip (135kb) downloaded 72 time(s).
nwind.zip (549kb) downloaded 84 time(s).
DG@WLP
#13 Posted : Monday, April 29, 2013 8:34:34 AM(UTC)
Groups: Member
Joined: 3/1/2012(UTC)
Posts: 7
Location: Virginia

It sure does seem to be a "double-hop" issue; but, I am not sure how to resolve the issue with regards to UWS and any security settings (per the link in the double-hop article, http://blogs.technet.com...is-and-sql-server.aspx, or otherwise).

I know that other teams in the company using IIS for intranet applications over SQL Server do not have the "double-hop" issue; but, none are able to tell me what settings (and where) help them to achieve success....and, of course, they are using pure IIS as opposed to your awesome UWS product.

BTW: I only have admin to the machine that runs UWS and the applications; so I am unable to change anything on the SQL Server machine or in AD.

Thanks.
Ultidev Team
#14 Posted : Monday, April 29, 2013 9:53:49 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi!

Since you have admin access to the application server machine, could you please try running the application under IIS there? Even if IIS is not installed, you should be able to install it side by side with UWS. Then please configure the IIS application to run Windows Authentication only, and see if you get the same result as with UWS. The reason we suggest that is the problem with double-hop is likely to have less to do with which web server is being used, but rather with whether server trust is set up correctly between DB server and app server machines. Other teams that don't have problems with flowing user credentials from web server to SQL probably would run UWS, just like IIS, without a problem.

Best regards,
UltiDev Team.
DG@WLP
#15 Posted : Monday, April 29, 2013 9:59:11 AM(UTC)
Groups: Member
Joined: 3/1/2012(UTC)
Posts: 7
Location: Virginia

I will install IIS and test it as soon as feasible without causing any issues to the users/testers of the various running applications. Once I do get it installed and give it a test, I will post my results.

BTW: I did pose the resolution of making sure the machine has the Kerberos Delegation set up for access to SQL Server with the relevant parties and hopefully it will be simple enough to confirm (and make happen).

Thanks!
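
A diagnostic for the double-hop failure discussed in this thread, added here as an example and not part of any post or of UltiDev's code: the code-behind of a generic ASP.NET handler that reports how the caller was authenticated and whether the resulting token can be forwarded from machine A to machine B. The handler name `DoubleHopCheck` and the verdict wording are assumptions; it uses only `Request.LogonUserIdentity` and the standard `WindowsIdentity` properties.

```csharp
// DoubleHopCheck.ashx.cs -- added diagnostic; the handler name is hypothetical.
using System;
using System.Security.Principal;
using System.Text;
using System.Web;

public class DoubleHopCheck : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Token of the browser user as authenticated by the web server (hop 1).
        WindowsIdentity caller = context.Request.LogonUserIdentity;
        // Identity the request thread runs as; matches the caller only when
        // <identity impersonate="true"/> is in effect.
        WindowsIdentity thread = WindowsIdentity.GetCurrent();

        var sb = new StringBuilder();
        sb.AppendLine("Caller:              " + caller.Name);
        sb.AppendLine("Authenticated:       " + caller.IsAuthenticated);
        sb.AppendLine("Authentication type: " + caller.AuthenticationType);
        sb.AppendLine("Impersonation level: " + caller.ImpersonationLevel);
        sb.AppendLine("Thread identity:     " + thread.Name);
        sb.AppendLine("Verdict:             " + Explain(caller));

        context.Response.ContentType = "text/plain";
        context.Response.Write(sb.ToString());
    }

    // Interpretation is this example's own; it applies to a browser running
    // on a machine other than the web server (machine C in the thread).
    static string Explain(WindowsIdentity caller)
    {
        if (caller.IsAnonymous || !caller.IsAuthenticated)
            return "Anonymous request: Windows authentication is not being enforced.";
        if (string.Equals(caller.AuthenticationType, "NTLM", StringComparison.OrdinalIgnoreCase))
            return "NTLM: a remote user's credentials cannot be forwarded to a second machine.";
        if (caller.ImpersonationLevel == TokenImpersonationLevel.Delegation)
            return "Delegation token: SQL Server on another machine can see this user.";
        return "Impersonation-level token: usable on this machine only; "
             + "the second hop typically arrives as ANONYMOUS LOGON.";
    }
}
```

Requesting the handler once from machine A and once from machine C shows whether the remote request produces a token with `Delegation` level, which is what Kerberos delegation for the web server's account has to provide before the SQL Server login can succeed.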
Guest
#16 Posted : Friday, March 30, 2018 10:52:16 PM(UTC)
Groups:
Joined: 11/1/2005(UTC)
Posts: 278

Message was deleted by a Moderator.