Windows – iis 7.5 dns windows authentication page user identity not working

Tags: asp.net, authentication, iis-7.5, windows

In IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:

IP: All Unassigned

Port: 80

Host name: apps.mydomain.com

In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.

I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:

// Diagnostic only: writes the name of the request principal (Page.User) to the response as-is, without HTML encoding.
Response.Write(Page.User.Identity.Name);

However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.

If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.

Is there something else I need to configure to get the current windows logged in username when using host header?

web.config:

    <?xml version="1.0"?>
<configuration>
    <!-- Application-level web.config: only the ASP.NET (system.web) authentication mode is set here. -->
    <system.web>
        <!-- mode="Windows" tells ASP.NET to use the identity that IIS authenticated for the request.
             It does not enable or disable any IIS authentication scheme by itself; this file contains
             no system.webServer/security/authentication settings. -->
        <authentication mode="Windows"/>
    </system.web>
</configuration>

App pool config (left out "handlers" for brevity, there's a 30000 char limit):

    <!-- Section declarations for system.webServer, with the default delegation of each section.
         overrideModeDefault="Deny" locks a section at this level: a site or application web.config
         cannot set it unless it is unlocked for that path. overrideModeDefault="Allow" lets
         lower-level configuration files override it. allowDefinition="AppHostOnly" restricts a
         section to applicationHost.config. -->
    <sectionGroup name="system.webServer">
        <section name="asp" overrideModeDefault="Deny" />
        <section name="caching" overrideModeDefault="Allow" />
        <section name="cgi" overrideModeDefault="Deny" />
        <section name="defaultDocument" overrideModeDefault="Allow" />
        <section name="directoryBrowse" overrideModeDefault="Allow" />
        <section name="fastCgi" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
        <section name="globalModules" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
        <section name="handlers" overrideModeDefault="Deny" />
        <section name="httpCompression" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
        <section name="httpErrors" overrideModeDefault="Allow" />
        <section name="httpLogging" overrideModeDefault="Deny" />
        <section name="httpProtocol" overrideModeDefault="Allow" />
        <section name="httpRedirect" overrideModeDefault="Allow" />
        <section name="httpTracing" overrideModeDefault="Deny" />
        <section name="isapiFilters" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
        <section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
        <section name="odbcLogging" overrideModeDefault="Deny" />
        <sectionGroup name="security">
            <section name="access" overrideModeDefault="Deny" />
            <section name="applicationDependencies" overrideModeDefault="Deny" />
            <!-- Every IIS authentication section is declared with Deny, so anonymous/Windows
                 authentication cannot be switched on or off from an application's web.config under
                 these defaults; it has to be configured in applicationHost.config (for example in a
                 per-path location element). -->
            <sectionGroup name="authentication">
                <section name="anonymousAuthentication" overrideModeDefault="Deny" />
                <section name="basicAuthentication" overrideModeDefault="Deny" />
                <section name="clientCertificateMappingAuthentication" overrideModeDefault="Deny" />
                <section name="digestAuthentication" overrideModeDefault="Deny" />
                <section name="iisClientCertificateMappingAuthentication" overrideModeDefault="Deny" />
                <section name="windowsAuthentication" overrideModeDefault="Deny" />
            </sectionGroup>
            <!-- authorization and requestFiltering are delegated (Allow); ipSecurity and
                 isapiCgiRestriction stay locked. -->
            <section name="authorization" overrideModeDefault="Allow" />
            <section name="ipSecurity" overrideModeDefault="Deny" />
            <section name="isapiCgiRestriction" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
            <section name="requestFiltering" overrideModeDefault="Allow" />
        </sectionGroup>
        <section name="serverRuntime" overrideModeDefault="Deny" />
        <section name="serverSideInclude" overrideModeDefault="Deny" />
        <section name="staticContent" overrideModeDefault="Allow" />
        <sectionGroup name="tracing">
            <section name="traceFailedRequests" overrideModeDefault="Allow" />
            <section name="traceProviderDefinitions" overrideModeDefault="Deny" />
        </sectionGroup>
        <section name="urlCompression" overrideModeDefault="Allow" />
        <section name="validation" overrideModeDefault="Allow" />
        <sectionGroup name="webdav">
            <section name="globalSettings" overrideModeDefault="Deny" />
            <section name="authoring" overrideModeDefault="Deny" />
            <section name="authoringRules" overrideModeDefault="Deny" />
        </sectionGroup>
    </sectionGroup>
    <sectionGroup name="system.ftpServer">
        <section name="log" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
        <section name="firewallSupport" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
        <section name="caching" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
        <section name="providerDefinitions" overrideModeDefault="Deny" />
        <sectionGroup name="security">
            <section name="ipSecurity" overrideModeDefault="Deny" />
            <section name="requestFiltering" overrideModeDefault="Deny" />
            <section name="authorization" overrideModeDefault="Deny" />
        </sectionGroup>
        <section name="serverRuntime" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    </sectionGroup>
</configSections>

<!-- Providers used to encrypt and decrypt protected values in the IIS configuration.
     NOTE(review): the sessionKey attributes are key material. They are presumably wrapped under the
     RSA key container named in keyContainerName (useMachineContainer="true"), so they should not be
     usable without that machine key. Confirm this, and redact these values before publishing
     configuration. -->
<configProtectedData>
    <providers>
        <!-- RSA provider bound to the "iisWasKey" machine container; useOAEP="false" as posted. -->
        <add name="IISWASOnlyRsaProvider" type="" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useMachineContainer="true" useOAEP="false" />
        <!-- AES provider whose session key is associated with the "iisConfigurationKey" container. -->
        <add name="AesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisConfigurationKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="AQIAAA5mAAAApAAAGvGl78LKqlTFEdnH/kqoKL6P2gWJP1j89yxhxFD1wpbaE9Y6eMLhitoa2hmeMe41BWRQw/hdv2m9RkX9cFS0UwwlcpSBAgy59xZNmPm0TKg0QcRZ6Pbx4NZdOZ5nflNugABheZbScJenA3fU0L9Ct6kx0mllufWr4SzxOtLKkHY=" />
        <!-- AES provider whose session key is associated with the "iisWasKey" container. -->
        <add name="IISWASOnlyAesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="AQIAAA5mAAAApAAApYI8BiiY8XN6fR5Ss1KzIoB31xACHhSGMMfLrWMwF1r4kh+1T3SkVS+cRbaQj1kJfPIvAv6G+Wwjot42TE0c7zrGkGaikte8dzkwp5d5U63vcc3vk2DTf/Eae4y7uHVtodFZ6gR+IEvAJZNvdyWB2rFnPT/j8T+f5/dCoeLXgnI=" />
    </providers>
</configProtectedData>

<!-- Site definitions. Only one site (apps.mydomain.com, id 2) appears in this listing; no
     applicationPools element is included. -->
<system.applicationHost>
    <sites>
        <site name="apps.mydomain.com" id="2" serverAutoStart="true">
            <!-- Root application, running in the ".NET 2.0 Apps" pool. No separate "/site" application
                 is declared here, so a request for /site/ would presumably be handled by this root
                 application. Verify against the full configuration. -->
            <application path="/" applicationPool=".NET 2.0 Apps">
                <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\apps" />
            </application>
            <!-- Second application at /test, running in its own pool named "test". -->
            <application path="/test" applicationPool="test">
                <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\apps\test" />
            </application>
            <bindings>
                <!-- The only HTTP binding: all addresses, port 80, host header apps.mydomain.com.
                     No https binding is listed, so this site is served over plain HTTP.
                     NOTE(review): a request to http://servername/ does not carry this host header,
                     so it is presumably answered by a different site that is not part of this
                     listing. Compare that site's authentication settings. -->
                <binding protocol="http" bindingInformation="*:80:apps.mydomain.com" />
                <!-- Non-HTTP bindings (message queue, named pipe, TCP port 808). -->
                <binding protocol="net.msmq" bindingInformation="localhost" />
                <binding protocol="net.pipe" bindingInformation="*" />
                <binding protocol="net.tcp" bindingInformation="808:*" />
                <binding protocol="msmq.formatname" bindingInformation="localhost" />
            </bindings>
            <!-- Failed-request tracing is off for this site. -->
            <traceFailedRequestsLogging enabled="false" />
        </site>
        <!-- Defaults applied to sites, applications and virtual directories that do not override them. -->
        <siteDefaults>
            <logFile logFormat="W3C" directory="%SystemDrive%\inetpub\logs\LogFiles" />
            <traceFailedRequestsLogging directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles" />
        </siteDefaults>
        <applicationDefaults applicationPool="DefaultAppPool" />
        <virtualDirectoryDefaults allowSubDirConfig="true" />
    </sites>

</system.applicationHost>

<system.webServer>

    <asp>
        <cache diskTemplateCacheDirectory="%SystemDrive%\inetpub\temp\ASP Compiled Templates" />
    </asp>

    <caching enabled="true" enableKernelCache="true">
    </caching>

    <cgi />

    <defaultDocument enabled="true">
        <files>
            <add value="Default.htm" />
            <add value="Default.asp" />
            <add value="index.htm" />
            <add value="index.html" />
            <add value="iisstart.htm" />
            <add value="default.aspx" />
        </files>
    </defaultDocument>

    <directoryBrowse enabled="false" />

    <fastCgi />

    <!--

      The <globalModules> section defines all native-code modules.
      To enable a module, specify it in the <modules> section.

    -->
    <!-- Registration only: each entry maps a module name to its native image. Both authentication
         modules relevant to this page are registered: AnonymousAuthenticationModule (authanon.dll)
         and WindowsAuthenticationModule (authsspi.dll). -->
    <globalModules>
        <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
        <add name="FileCacheModule" image="%windir%\System32\inetsrv\cachfile.dll" />
        <add name="TokenCacheModule" image="%windir%\System32\inetsrv\cachtokn.dll" />
        <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
        <add name="StaticCompressionModule" image="%windir%\System32\inetsrv\compstat.dll" />
        <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
        <add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" />
        <add name="ProtocolSupportModule" image="%windir%\System32\inetsrv\protsup.dll" />
        <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
        <add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\authanon.dll" />
        <add name="RequestFilteringModule" image="%windir%\System32\inetsrv\modrqflt.dll" />
        <add name="CustomErrorModule" image="%windir%\System32\inetsrv\custerr.dll" />
        <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
        <add name="RequestMonitorModule" image="%windir%\System32\inetsrv\iisreqs.dll" />
        <add name="IsapiModule" image="%windir%\System32\inetsrv\isapi.dll" />
        <add name="IsapiFilterModule" image="%windir%\System32\inetsrv\filter.dll" />
        <add name="ConfigurationValidationModule" image="%windir%\System32\inetsrv\validcfg.dll" />
        <!-- Managed engines are selected by preCondition (pipeline mode, runtime version, bitness). -->
        <add name="ManagedEngine64" image="%windir%\Microsoft.NET\Framework64\v2.0.50727\webengine.dll" preCondition="integratedMode,runtimeVersionv2.0,bitness64" />
        <add name="ManagedEngine" image="%windir%\Microsoft.NET\Framework\v2.0.50727\webengine.dll" preCondition="integratedMode,runtimeVersionv2.0,bitness32" />
        <add name="WindowsAuthenticationModule" image="%windir%\System32\inetsrv\authsspi.dll" />
        <add name="ManagedEngineV4.0_32bit" image="c:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness32" />
        <add name="ManagedEngineV4.0_64bit" image="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness64" />
        <add name="TracingModule" image="%windir%\System32\inetsrv\iisetw.dll" />
        <add name="FailedRequestsTracingModule" image="%windir%\System32\inetsrv\iisfreb.dll" />
    </globalModules>

    <httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
        <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
        <staticTypes>
            <add mimeType="text/*" enabled="true" />
            <add mimeType="message/*" enabled="true" />
            <add mimeType="application/x-javascript" enabled="true" />
            <add mimeType="application/atom+xml" enabled="true" />
            <add mimeType="application/xaml+xml" enabled="true" />
            <add mimeType="*/*" enabled="false" />
        </staticTypes>
    </httpCompression>

    <httpErrors lockAttributes="allowAbsolutePathsWhenDelegated,defaultPath">
        <error statusCode="401" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="401.htm" />
        <error statusCode="403" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="403.htm" />
        <error statusCode="404" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="404.htm" />
        <error statusCode="405" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="405.htm" />
        <error statusCode="406" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="406.htm" />
        <error statusCode="412" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="412.htm" />
        <error statusCode="500" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="500.htm" />
        <error statusCode="501" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="501.htm" />
        <error statusCode="502" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="502.htm" />
    </httpErrors>

    <httpLogging dontLog="false" />

    <!-- Response headers added to every reply. The X-Powered-By header advertises the server
         technology to any client; removing it is a common hardening step and has no functional
         effect on the application. -->
    <httpProtocol>
        <customHeaders>
            <clear />
            <add name="X-Powered-By" value="ASP.NET" />
        </customHeaders>
        <redirectHeaders>
            <clear />
        </redirectHeaders>
    </httpProtocol>

    <httpRedirect />

    <httpTracing>
    </httpTracing>

    <isapiFilters>
        <filter name="ASP.Net_2.0.50727-64" path="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="bitness64,runtimeVersionv2.0" />
        <filter name="ASP.Net_2.0.50727.0" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="bitness32,runtimeVersionv2.0" />
        <filter name="ASP.Net_2.0_for_V1.1" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv1.1" />
        <filter name="ASP.Net_4.0_64bit" path="c:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv4.0,bitness64" />
        <filter name="ASP.Net_4.0_32bit" path="c:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv4.0,bitness32" />
    </isapiFilters>

    <odbcLogging />

    <!-- Server-wide security defaults. Paths that need different settings override them in a
         location element elsewhere in applicationHost.config. -->
    <security>

        <!-- sslFlags="None": TLS is not required for requests by default. -->
        <access sslFlags="None" />

        <applicationDependencies>
            <application name="Active Server Pages" groupId="ASP" />
        </applicationDependencies>

        <authentication>

            <!-- Default for every site and path: anonymous access is allowed and runs as IUSR. -->
            <anonymousAuthentication enabled="true" userName="IUSR" />

            <basicAuthentication />

            <clientCertificateMappingAuthentication />

            <digestAuthentication />

            <iisClientCertificateMappingAuthentication />

            <!-- Default for every site and path: Windows authentication is OFF. When a path enables
                 it, the providers are offered in the order listed (Negotiate, then NTLM).
                 In this listing the only path that turns it on is apps.mydomain.com/test, so other
                 paths of the site (including /site/) inherit anonymous-only access unless settings
                 not shown here say otherwise. -->
            <windowsAuthentication enabled="false">
                <providers>
                    <add value="Negotiate" />
                    <add value="NTLM" />
                </providers>
            </windowsAuthentication>

        </authentication>

        <authorization />

        <ipSecurity />

        <!-- Allow-list of ISAPI/CGI binaries that IIS may execute. -->
        <isapiCgiRestriction>
            <add path="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll" allowed="true" groupId="ASP.NET v2.0.50727" description="ASP.NET v2.0.50727" />
            <add path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" allowed="true" groupId="ASP.NET v2.0.50727" description="ASP.NET v2.0.50727" />
            <add path="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" allowed="true" groupId="ASP.NET v4.0.30319" description="ASP.NET v4.0.30319" />
            <add path="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" allowed="true" groupId="ASP.NET v4.0.30319" description="ASP.NET v4.0.30319" />
            <add path="%windir%\system32\inetsrv\asp.dll" allowed="true" groupId="ASP" description="Active Server Pages" />
        </isapiCgiRestriction>

        <requestFiltering>
            <!-- allowUnlisted="true" makes this a deny-list: any extension not listed is served,
                 and the entries below (source, project, config and database files) are refused. -->
            <fileExtensions allowUnlisted="true" applyToWebDAV="true">
                <add fileExtension=".asax" allowed="false" />
                <add fileExtension=".ascx" allowed="false" />
                <add fileExtension=".master" allowed="false" />
                <add fileExtension=".skin" allowed="false" />
                <add fileExtension=".browser" allowed="false" />
                <add fileExtension=".sitemap" allowed="false" />
                <add fileExtension=".config" allowed="false" />
                <add fileExtension=".cs" allowed="false" />
                <add fileExtension=".csproj" allowed="false" />
                <add fileExtension=".vb" allowed="false" />
                <add fileExtension=".vbproj" allowed="false" />
                <add fileExtension=".webinfo" allowed="false" />
                <add fileExtension=".licx" allowed="false" />
                <add fileExtension=".resx" allowed="false" />
                <add fileExtension=".resources" allowed="false" />
                <add fileExtension=".mdb" allowed="false" />
                <add fileExtension=".vjsproj" allowed="false" />
                <add fileExtension=".java" allowed="false" />
                <add fileExtension=".jsl" allowed="false" />
                <add fileExtension=".ldb" allowed="false" />
                <add fileExtension=".dsdgm" allowed="false" />
                <add fileExtension=".ssdgm" allowed="false" />
                <add fileExtension=".lsad" allowed="false" />
                <add fileExtension=".ssmap" allowed="false" />
                <add fileExtension=".cd" allowed="false" />
                <add fileExtension=".dsprototype" allowed="false" />
                <add fileExtension=".lsaprototype" allowed="false" />
                <add fileExtension=".sdm" allowed="false" />
                <add fileExtension=".sdmDocument" allowed="false" />
                <add fileExtension=".mdf" allowed="false" />
                <add fileExtension=".ldf" allowed="false" />
                <add fileExtension=".ad" allowed="false" />
                <add fileExtension=".dd" allowed="false" />
                <add fileExtension=".ldd" allowed="false" />
                <add fileExtension=".sd" allowed="false" />
                <add fileExtension=".adprototype" allowed="false" />
                <add fileExtension=".lddprototype" allowed="false" />
                <add fileExtension=".exclude" allowed="false" />
                <add fileExtension=".refresh" allowed="false" />
                <add fileExtension=".compiled" allowed="false" />
                <add fileExtension=".msgx" allowed="false" />
                <add fileExtension=".vsdisco" allowed="false" />
                <add fileExtension=".rules" allowed="false" />
                <add fileExtension=".asa" allowed="false" />
            </fileExtensions>
            <!-- No verb restrictions at this level: every HTTP verb is accepted unless a lower-level
                 configuration lists denials. -->
            <verbs allowUnlisted="true" applyToWebDAV="true" />
            <!-- URL path segments that are never served, whatever the file extension. -->
            <hiddenSegments applyToWebDAV="true">
                <add segment="web.config" />
                <add segment="bin" />
                <add segment="App_code" />
                <add segment="App_GlobalResources" />
                <add segment="App_LocalResources" />
                <add segment="App_WebReferences" />
                <add segment="App_Data" />
                <add segment="App_Browsers" />
            </hiddenSegments>
        </requestFiltering>

    </security>

    <serverRuntime />

    <serverSideInclude />


    <tracing>

        <traceFailedRequests />

        <traceProviderDefinitions>
            <add name="ASPNET" guid="{AFF081FE-0247-4275-9C4E-021F3DC1DA35}">
                <areas>
                    <add name="Infrastructure" value="1" />
                    <add name="Module" value="2" />
                    <add name="Page" value="4" />
                    <add name="AppServices" value="8" />
                </areas>
            </add>
            <add name="WWW Server" guid="{3a2a4e84-4c21-4981-ae10-3fda0d9b0f83}">
                <areas>
                    <clear />
                    <add name="Authentication" value="2" />
                    <add name="Security" value="4" />
                    <add name="Filter" value="8" />
                    <add name="StaticFile" value="16" />
                    <add name="CGI" value="32" />
                    <add name="Compression" value="64" />
                    <add name="Cache" value="128" />
                    <add name="RequestNotifications" value="256" />
                    <add name="Module" value="512" />
                    <add name="FastCGI" value="4096" />
                </areas>
            </add>
            <add name="ASP" guid="{06b94d9a-b15e-456e-a4ef-37c984a2cb4b}">
                <areas>
                    <clear />
                </areas>
            </add>
            <add name="ISAPI Extension" guid="{a1c2040e-8840-4c31-ba11-9871031a19ea}">
                <areas>
                    <clear />
                </areas>
            </add>
        </traceProviderDefinitions>

    </tracing>

    <urlCompression />

    <validation />

</system.webServer>
<!-- Server-wide location (path="") whose sections may be overridden at lower levels
     (overrideMode="Allow"). Entries marked lockItem="true" cannot be removed or changed by
     lower-level configuration. -->
<location path="" overrideMode="Allow">
    <system.webServer>
        <modules>
            <add name="HttpCacheModule" lockItem="true" />
            <add name="StaticCompressionModule" lockItem="true" />
            <add name="DefaultDocumentModule" lockItem="true" />
            <add name="DirectoryListingModule" lockItem="true" />
            <add name="IsapiFilterModule" lockItem="true" />
            <add name="ProtocolSupportModule" lockItem="true" />
            <add name="StaticFileModule" lockItem="true" />
            <add name="AnonymousAuthenticationModule" lockItem="true" />
            <add name="RequestFilteringModule" lockItem="true" />
            <add name="CustomErrorModule" lockItem="true" />
            <add name="IsapiModule" lockItem="true" />
            <add name="HttpLoggingModule" lockItem="true" />
            <add name="ConfigurationValidationModule" lockItem="true" />
            <!-- Managed modules below carry preCondition="managedHandler": they run only for
                 requests mapped to a managed handler. -->
            <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" preCondition="managedHandler" />
            <add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition="managedHandler" />
            <!-- Windows authentication is loaded twice by design: the native IIS module (locked)
                 performs the authentication, and the managed ASP.NET module on the next line
                 exposes the result to the application. -->
            <add name="WindowsAuthenticationModule" lockItem="true" />
            <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" preCondition="managedHandler" />
            <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
            <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" preCondition="managedHandler" />
            <add name="RoleManager" type="System.Web.Security.RoleManagerModule" preCondition="managedHandler" />
            <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" preCondition="managedHandler" />
            <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule" preCondition="managedHandler" />
            <add name="AnonymousIdentification" type="System.Web.Security.AnonymousIdentificationModule" preCondition="managedHandler" />
            <add name="Profile" type="System.Web.Profile.ProfileModule" preCondition="managedHandler" />
            <add name="UrlMappingsModule" type="System.Web.UrlMappingsModule" preCondition="managedHandler" />
            <add name="ServiceModel-4.0" type="System.ServiceModel.Activation.ServiceHttpModule, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler,runtimeVersionv4.0" />
            <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="managedHandler,runtimeVersionv4.0" />
            <add name="ScriptModule-4.0" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler,runtimeVersionv4.0" />
            <add name="ServiceModel" type="System.ServiceModel.Activation.HttpModule, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler,runtimeVersionv2.0" />
            <add name="FailedRequestsTracingModule" lockItem="true" />
        </modules>
        <!-- The handler entries were left out by the poster for brevity; only the access policy remains. -->
        <handlers accessPolicy="Read, Script">        
        </handlers>
    </system.webServer>
</location>
<!-- Per-path override, scoped to apps.mydomain.com/test only. It is the only place in this listing
     where anonymous access is turned off and Windows authentication is turned on. Other paths of
     the site keep the server-wide defaults unless overridden somewhere not shown. -->
<location path="apps.mydomain.com/test">
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" userName="" />
                <!-- useKernelMode="true": authentication is handled in kernel mode.
                     NOTE(review): when Kerberos is negotiated for a custom host name, the HTTP
                     service principal name for that host must be registered to the account that
                     decrypts the ticket. Confirm the SPN for apps.mydomain.com. -->
                <windowsAuthentication enabled="true" useKernelMode="true">
                    <!-- tokenChecking="None": Extended Protection (channel/service binding checks)
                         is not enforced for this path. -->
                    <extendedProtection tokenChecking="None" />
                </windowsAuthentication>
            </authentication>
        </security>
    </system.webServer>
</location>

Best Answer

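Since http://servername/site/ works, the most likely explanation is that the short server name resolves through your internal DNS servers, so Windows authentication kicks in for you. (Browsers normally send integrated Windows credentials automatically only to hosts they treat as intranet; a dotted name such as apps.mydomain.com is often not treated that way unless it has been added to the Local intranet zone.) Have you tried explicitly setting the authentication mode to 'Windows' in the web.config file?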

<authentication mode="Windows" />