Web API, APIController, Empty User

Question

I have a standard web form app which is authenticated using IIS's Windows Authentication setting.

As I now need to expose some the data via Web API, I have added an APIController which I can successfully retrieve the required data, however, I need to restrict what is returned based on the identity of the requestor.

The problem is that the this.User.Identity is coming back empty..

[System.Security.Principal.WindowsIdentity]: {System.Security.Principal.WindowsIdentity}
AuthenticationType: ""
IsAuthenticated: false
Name: ""

I am new to Web API so not sure what I have done wrong / forgotten to do...

FYI - The authentication on the web form app is working perfectly...

@granadaCoder Sorry... I can't remember what happened with this, it was over a year ago now... I think I took a different approach to WebAPI — Chris Hammond, Aug 06 '15 at 07:50

score 2 · Answer 1 · edited May 23 '17 at 12:10

2

Having "anonymous authentication" enabled..along side of "windows authentication" will create this "empty windowsIdentity" problem.

Longer discussion (and my problem and answer) here:

HttpClient calling a Windows-Authenication ApiController Method...but no WindowsIdentity coming along for the ride

Also see:

How to get Windows user name when identity impersonate="true" in asp.net?

edited May 23 '17 at 12:10

Community

1
1

answered Aug 08 '15 at 18:26

granadaCoder

23,729
8
95
129

score 0 · Answer 2 · answered May 19 '14 at 13:48

WebSecurity was introduced in ASP.NET MVC 4. It relies on the SimpleMembershipProvider. It uses FormsAuthentication to manage cookies

WebMatrix.WebData.WebSecurity is provides security and authentication features for ASP.NET Web Pages applications, including the ability to create user accounts, log users in and out, reset or change passwords, and perform related tasks.

The WebSecurity class is used to perform security operations

You must create or initialize an WebSecurity database before you can use the WebSecurity object in your code.

In the root of your web, create a page (or edit the page ) named _AppStart.cshtml.

_AppStart.cshtml

@{
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}

you can authenticate your request by following code.

WebSecurity.Login(LoginName, Password, true)

once authenticated successed , you will get value of WebSecurity.IsAuthenticated is true and you will get user's identity

Errm.. OK, I am new to all this... I've not (knowingly) done anything related to MVC 4... All I did was add a "Web API Controller"... to a basic webforms application. — Chris Hammond, May 19 '14 at 14:03
read this articles this will help you more about how to use membership and WebSecurity in you mvc application: http://www.asp.net/web-pages/tutorials/security/16-adding-security-and-membership — Chandrika Prajapati, May 21 '14 at 05:37

score 0 · Answer 3 · answered May 21 '14 at 05:40

0

Read this articles. it will give more information about WebSecurity and how to use it

http://www.codeguru.com/csharp/.net/net_asp/mvc/using-simplemembership-in-asp.net-mvc-4.htm

http://www.mono-software.com/blog/post/Mono/226/Adding-ASP-NET-SimpleMembership-to-an-existing-MVC-4-application/

answered May 21 '14 at 05:40

Chandrika Prajapati

958
1
7
11

Thanks, but this is not MVC... It's a standard ASP.Net web form application with a Web API bolted on to share out some of the data structures. The webforms are receiving the identity (from IIS/Windows Authentication) no problem, but the APIController is not, the `User` property is empty. – Chris Hammond May 21 '14 at 06:25

Web API, APIController, Empty User

3 Answers3