Where can I find user identity when using webapi with Windows Authentication on IIS8

Question

I'm trying to find out how to find the identity of the logged on user in an webapi. On dev server and on older IIS7 the identity is available in multiple places, but when I try to set up my application on IIS8 all known sources are blank.

Using <authentication mode="Windows" /> I can normally see the user identity in the following places:

System.Web.HttpContext.Current.User.Identity.Name
User.Identity.Name
Thread.CurrentPrincipal.Identity.Name

But on IIS8 they all come up empty.

Any ideas where to look, or how to configure IIS8 or my application to find the useridentity ?

Answer 1

ApiController.User

is what you need. Web API is free of System.Web so it behaves differently.

Answer 2

You are authenticating with an anonymous user.
You can disallow anonymous access by editing the web.config:

<system.web>
  <authorization>
    <deny users="?" />   <!-- The question-mark represents the `anonymous`-user) -->
  </authorization>
</system.web>

Normally when System.Web.HttpContext.Current.User.Identity.Name is empty the windows authentication failed. Take a look at HttpContext.Current.Request.IsAuthenticated.

Compare the settings between IIS7 and IIS8 too.
(app-pool, web.config and also the IIS-Authentication settings)

Another problem could be the client (Browser and its settings) you are using. Maybe the browser does not deliver the windows identity.

For Internet Explorer verify:
Settings -> Advanced -> "Enable Integrated Windows Authentication*"