Detect in C# the name of the ASP.NET user.

[Guest]

I am making a ASP.NET application that connects to a database.

I want to distribute this to my customers that may have different Windows
OS, so my installer must handle different windows versions.
The installer makes sure SQL Server 2005 is there, IIS is ready and ASP.NET
is set up properly.

In my installer I am using the following SQL statement to enable ASP.NET to
connect to my database.
CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS
followed by
sp_grantdbaccess 'NT AUTHORITY\NETWORK SERVICE'

This works like a charm when the ASP.NET user is NT AUTHORITY\NETWORK
SERVICE, but that is not the case for all Windows versions.
It even depends on the language of the windows operation system.
Example: I tried it on a Swedish Windows 2003 Server, and then the user was
"NT INSTANS\NETWORK SERVICE"
Again, on other machines, the user is "machinename\ASPNET"

How do I detect (in C#) the name (including domain) of the user that runs
the ASP.NET process?

Thankful for any response

 

[Guest]

This code may be helpful:

System.Security.Principal.WindowsIdentity.GetCurrent().Name;

 

[Guest]

The problem is a little more complicated.

I don't need the name of the user running the current process.
I want to get the name of the user running the ASP.NET processes in IIS,
when I am running in an installer process probable running as an
Administrator.

How is that done?

 

[Juan T. Llibre]

re:
!> I want to get the name of the user running the ASP.NET processes in IIS

Use WindowsIdentity.GetCurrent.Name() :

-------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = "ASP.NET is running as the account : " & tmp
End Sub
</script>
<html>
<head>
<title>What account is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
-------------



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================

 

[Guest]

Using an ASP.NET process to get the name does not work for my case.
In my installer process (running as an administrator) I need to get the name
of the ASP.NET user.
The reason for this is that I need to grant ASP.NET SQL access, and that has
to happen in a process that already has SQL access, namely the installer
process.

This needs to happen automatically in my installer.
With code written in C#.

Any other suggestions?
Using SIDs somehow?
Quering machine.config somehow?
Asking IIS somehow?

 

[Alexey Smirnov]

Using an ASP.NET process to get the name does not work for my case.
In my installer process (running as an administrator) I need to get the name
of the ASP.NET user.
The reason for this is that I need to grant ASP.NET SQL access, and that has
to happen in a process that already has SQL access, namely the installer
process.

This needs to happen automatically in my installer.
With code written in C#.

Any other suggestions?
Using SIDs somehow?

If your installer is a Windows application, you can use
Process.GetProcesses() or Process.GetProcessesByName() methods to find
if aspnet_wp is running and get the account name associated with that
process (like in the Task Manager). Let me know if you need an example
of the code.

Quering machine.config somehow?
Asking IIS somehow?

As far as I remember on Win2003 identity is saved not in
machine.config

 

[Guest]

Thanx a lot for the reply.

A code example would be great.
Is the aspnet_wp process always running when IIS and ASP.NET is set up, or
only when processing requests?

-- Vilhelm Heiberg

 

[Jesse Houwing]

Hello Vilhelm,

Thanx a lot for the reply.

A code example would be great.
Is the aspnet_wp process always running when IIS and ASP.NET is set
up, or
only when processing requests?

Only when there is an active appdomain. And under Windows 2003 and up, there
is no aspnet_wp process. It's all under w3wp.exe under windows 2003. Depending
on the settings of your IIS you can have multiple aspnet_wp or w3wp's running
under different credentials.

Wouldn't it be better to just show textbox and allow the installing user
to select the correct account used to run the application?

Jesse

 

[Alexey Smirnov]

Hello Vilhelm,



Only when there is an active appdomain. And under Windows 2003 and up, there
is no aspnet_wp process. It's all under w3wp.exe under windows 2003. Depending
on the settings of your IIS you can have multiple aspnet_wp or w3wp's running
under different credentials.

Jesse is right. So, there can be a situation when aspnet_wp on IIS 5,
or w3wp on IIS 6 is not yet running (because for example the website
is not yet requested), or you can get more than one process because of
multiple applications

Here's the code to get User Name of the running process:

using System.Management;
using System.Security.Principal;

[Flags]
enum TOKEN_ACCESS : uint
{
TOKEN_QUERY = 0x0008
};

[DllImport("Advapi32.dll", SetLastError = true)]
extern static int OpenProcessToken(IntPtr processHandle, TOKEN_ACCESS
desiredAccess, out IntPtr tokenHandle);

[DllImport("kernel32.dll", SetLastError = true)]
extern static bool CloseHandle(IntPtr handle);

static void GetProc()
{
string[] processNames = { "aspnet_wp", "w3wp" };
bool ok = false;
foreach (string processName in processNames)
{
foreach (Process process in Process.GetProcessesByName(processName))
{
ok = true;
IntPtr token = IntPtr.Zero;
OpenProcessToken(process.Handle, TOKEN_ACCESS.TOKEN_QUERY, out token);
WindowsIdentity who = new WindowsIdentity(token);
CloseHandle(token);
Console.WriteLine("{0}", who.Name);
}
Console.WriteLine("Found: {0}", ok.ToString());
}

I check for "aspnet_wp" and "w3wp", but of course you can identify
what version of Windows is installed and use "w3wp" for Win2003 and
"aspnet_wp" for Win2000 and XP. If there are more than one process
were found then you will need to find somehow what application pool
will be used for your application.

Wouldn't it be better to just show textbox and allow the installing user
to select the correct account used to run the application?

I think it's a good idea