Python: Get Windows username of user viewing page?

Is there a way in Python/Django to get the username of the currently logged-in Windows user, from an app that is not running locally?

UPDATE: sorry, to clarify, by this I mean the Windows username of the user viewing the web page, not the user running the server.

But I think they’re returning the name of the user running the server.

FURTHER UPDATE: I don’t care greatly about security. It really doesn’t matter if users spoof a username. What does matter is convenience. I just need a way to get the username without users having to fiddle around with passwords or install client-side software. Any ideas?

1 Answer 1

Three ways, none of which work.

Use the Ident (AUTH) protocol. It’s technically cross-platform.

. except there are exactly zero Ident servers for Windows that are able to return the real user name instead of a static string.

Require HTTP NTLM or Negotiate authentication. You get more than a mere username check,

. except NTLM is insecure, only Internet Exploder and Firefox support it, and they only use it inside the LAN (intranet) by default. Negotiate is able to use the more secure Kerberos, but it (obviously) requires Kerberos on both server and clients. If the Windows PCs are in a domain, good. If not.

If you control all client machines, you can use simple SSL client-certificate authentication. Works in all modern browsers.

. but every user needs their own certificate. Creating an internal-use CA and issuing certificates is simple; getting them installed and working in client machines — not so.

How do I get the currently loggedin Windows account from an ASP.NET page?

I have an ASP.NET 3.5 application that uses ASP.NET forms authentication. I want to be able to get the Windows user name currently logged into the computer (NOT logged into the ASP.NET application, but into Windows) when data is edited in a page.

If I use Context.User.Identity.Name.Tostring() , I get the user name logged into the ASP.NET application, but I need the Windows account name.

Also, it only works when I run the website from Visual Studio, but after deploying to IIS it returns NT AUTHORITY\SYSTEM.

8 Answers 8

You have to set authentication mode to Windows in your configuration & also disable anonymous users in authorization tag.

To get the currently logged in user to a Windows account you have to use Windows authentication instead of Forms authentication :

System.Security.Principal.WindowsIdentity.GetCurrent().Name.Tostring() also only works when i run the website from visual studio but after deploying to IIS it returns NT AUTHORITY\SYSTEM

It shows the application current user. When you host your application on the Visual Studio web server it uses your local account. However, when you will log in to the web application with different credentials it will always show your current Windows login.

An application deployed to IIS uses the NT AUTHORITY\SYSTEM account in your case.

To get the currently logged-in user to Windows in C#, use:

I struggled and struggled and struggled with this. One of the things is that I don’t have access to IIS, that is locked down, so I couldn’t change any of the server settings. I had to go with what I was capable of doing in code. When I researched it, many of the replies said, «set up IIS like this». . .well, that’s great when you have access to IIS, but I didn’t — I had to work with what I could do in code. So, I ended up handling it like this:

In my web config file, I added the following lines of code within the section:

Then, it returned an error on my local, which I had to go in and fix. I went to the applicationhost.config file located in the following path on my machine (yours might be different):

C:\users\»your user name»\My Documents\»yourIISInstallation»\config\applicationhost.config

and I changed the following settings to «allow», which had been set to «deny»:

Can you get a Windows (AD) username in PHP?

I have a PHP web application on an intranet that can extract the IP and host name of the current user on that page, but I was wondering if there is a way to get/extract their Active Directory/Windows username as well. Is this possible?

16 Answers 16

Check the AUTH_USER request variable. This will be empty if your web app allows anonymous access, but if your server’s using basic or Windows integrated authentication, it will contain the username of the authenticated user.

In an Active Directory domain, if your clients are running Internet Explorer and your web server/filesystem permissions are configured properly, IE will silently submit their domain credentials to your server and AUTH_USER will be MYDOMAIN\user.name without the users having to explicitly log in to your web app.

I’ve got php mysql running on IIS — I can use $_SERVER[«AUTH_USER»] if I turn on Windows Authentication in IIS -> Authentication and turn off Anonymous authentication (important)

I’ve used this to get my user and domain:

$user will return a value like: DOMAIN\username on our network, and then it’s just a case of removing the DOMAIN\ from the string.

This has worked in IE, FF, Chrome, Safari (tested) so far.

Look at the PHP LDAP library functions: http://us.php.net/ldap.

Active Directory [mostly] conforms to the LDAP standard.

We have multiple domains in our environment so I use preg_replace with regex to get just the username without DOMAIN\ .

If you’re using Apache on Windows, you can install the mod_auth_sspi from

Instructions are in the INSTALL file, and there is a whoami.php example. (It’s just a case of copying the mod_auth_sspi.so file into a folder and adding a line into httpd.conf.)

Once it’s installed and the necessary settings are made in httpd.conf to protect the directories you wish, PHP will populate the $_SERVER[‘REMOTE_USER’] with the user and domain (‘USER\DOMAIN’) of the authenticated user in IE — or prompt and authenticate in Firefox before passing it in.

Info is session-based, so single(ish) signon is possible even in Firefox.

How do I get the current username in .NET using C#?

How do I get the current username in .NET using C#?

18 Answers 18

If you are in a network of users, then the username will be different:

Choose the format you want.

The documentation for Environment.UserName seems to be a bit conflicting:

On the same page it says:

Gets the user name of the person who is currently logged on to the Windows operating system.

displays the user name of the person who started the current thread

If you test Environment.UserName using RunAs, it will give you the RunAs user account name, not the user originally logged on to Windows.

I totally second the other answers, but I would like to highlight one more method which says

The above method returned me the username in the format: DomainName\UserName. For example, EUROPE\UserName

Which is different from:

Which displayed in the format: UserName

which gave: NT AUTHORITY\IUSR (while running the application on IIS server) and DomainName\UserName (while running the application on a local server).

That will be the logon name.

You may also want to try using:

Hope this has been helpful.

This will give you output — your_user_name

I tried several combinations from existing answers, but they were giving me

I ended up using

Which gave me the actual users domain username only.

Just in case someone is looking for user Display Name as opposed to User Name, like me.

Here’s the treat :

Add Reference to System.DirectoryServices.AccountManagement in your project.

Use System.Windows.Forms.SystemInformation.UserName for the actually logged in user as Environment.UserName still returns the account being used by the current process.

I’ve tried all the previous answers and found the answer on MSDN after none of these worked for me. See ‘UserName4’ for the correct one for me.

I’m after the Logged in User, as displayed by:

Here’s a little function I wrote to try them all. My result is in the comments after each row.

Calling this function returns the logged in username by return.

Update: I would like to point out that running this code on my Local server instance shows me that Username4 returns «» (an empty string), but UserName3 and UserName5 return the logged in User. Just something to beware of.

How to get Windows user in asp.net webApp on IIS7+

I have an asp.net 4.5 web forms web app deployed on a remote IIS7+ server and I want to get the domain\username of the user to populate a database column.

My web.config has the following:

Here are some of the things I have tried:

Other things to note:

Windows authentication is enabled on the server for my web app.

I keep getting the server name instead of the username.

Also, there is no logon for my web app. Users are restricted access to the server but if they can access the server then they automatically have access to my web app.

[UPDATE]

Interesting breakthrough, if I do an inline

then myDomain\username is written to my page. However, if I do the same code server side it returns the Server Name. Why would it return something different?

I have tried the below code but it still returns the Server name, I’m guessing its because the inline runs client-side and the controls run server side.

then in codeBehind

1 Answer 1

To get the current userid name of an asp.net aspx page use

To get the actual person who’s logged in use any of these:

You’ll probably also need:

in your web.config file

[EDIT] This post shows what’s happening under the covers in IIS 7: How to get at the current users windows identity

This post will hopefully also give you an idea of what the results of your trial and error mean: How to get Windows user name when identity impersonate=»true» in asp.net?

You may also need the following in your web.config

[EDIT2] The behavior you are observing implies you are executing

On what you are calling «the server side» too early in IIS’s processing pipeline application lifecycle i.e. before authentication has taken place. The

is one of the last aspects of application life cycle. Take a look at Microsoft’s IIS7 life cycle documentation: http://msdn.microsoft.com/en-us/library/bb470252.aspx

1. Validate the request.
2. Perform URL mapping.
3. Raise the BeginRequest event.
4. Raise the AuthenticateRequest event.
5. Raise the PostAuthenticateRequest event.
6. Raise the AuthorizeRequest event.
7. Raise the PostAuthorizeRequest event. .

Its only after this that it will really be safe to do the processing you need to