I have an ASP.NET 3.5 web service (the old school SOAP, not WCF), running on two servers configured identically in IIS 6.0. Authentication / access control is configured as follows:
- Enable Anonymous Access = False
- Integrated Windows Authentication = True
- Digest Authentication for Windows Domain Servers = False
- Basic Authentication = False
- .NET Authentication Passport = False
In one of the web methods, I need to get the identifier of the requesting user and check it in a specific Active Directory group. So, the first line of code in the web method is this:
var requestUser = HttpContext.Current.Request.LogonUserIdentity.Name;
For some reason, the results differ between the two servers. Server1 works as expected, creating domain\UserId . However, Server2 creates Server2\IUSR_SERVER2 . Has anyone experienced this before? I found this question , but I'm sure it does not apply here, as the client and both servers are in the same domain.
Additional Information
Based on Heinzi's answer, I added the following to the <system.web> section in the web.config files:
<authorization> <deny users="?" /> <allow users="*" /> </authorization>
Now Server1 behaves the same as in, it behaves the way I want it. However, Server2 throws 401.2: Unauthorized error:
Server error in application "/".
Access is denied. Description: An error occurred while accessing the resources needed to service this request. The server may not be configured to access the requested URL.
Error message 401.2 .: Unauthorized. Login failed due to server configuration. Make sure that you have permission to view this directory or page based on the credentials you provided and the authentication methods included on the web server. Contact your web server administrator for further assistance.
Version Information: Microsoft.NET Framework Version: 2.0.50727.3603; ASP.NET Version: 2.0.50727.3053