Sign in as different user in ASP.MVC is not changing user identity

Question

I'm developing an MVC web application using the Windows authentication. The aim is to allow automated logging when the page is opened but allow signing as different user on demand. I'm trying to use the code from here 'Login as another user' MVC 4 Windows Authentication and here http://www.roelvanlisdonk.nl/?p=825 but none of them is working for me.

I've simplified the case to the maximum, so it looks as follows:

public string Logout()
{
    AuthenticationAttempts = AuthenticationAttempts + 1;
    if (AuthenticationAttempts == 1)
    {
        this.Send401();
    }
    var domain = User.Identity.Name.Split('\\')[0];
    var user = User.Identity.Name.Split('\\')[1];
    return string.Format("Domain: {0}<br>User: {1}", domain, user);
}

/// <summary>
/// Send a 401 response
/// </summary>
public void Send401()
{
    // Create a 401 response, the browser will show the log-in dialogbox, asking the user to supply new credentials, 
    // if browser is not set to "automaticaly sign in with current credentials"
    Response.Buffer = true;
    Response.StatusCode = 401;
    Response.StatusDescription = "Unauthorized";

    // A authentication header must be supplied. This header can be changed to Negotiate when using keberos authentication
    Response.AddHeader("WWW-Authenticate", "NTLM");

    // Send the 401 response
    Response.End();
}

private int _authenticationAttempts = 0;
public int AuthenticationAttempts
{
    get
    {
        if (!string.IsNullOrEmpty(string.Format("{0}", Session["AuthenticationAttempts"])))
        {
            int.TryParse(Session["AuthenticationAttempts"].ToString(), out _authenticationAttempts);
        }

        return _authenticationAttempts;
    }
    set
    {
        _authenticationAttempts = value;
        Session["AuthenticationAttempts"] = _authenticationAttempts;
    }
}

When I call Logout action method for the first time I'm getting the sign in window, but when I click okay the User.Identity is still as it was.

EDIT:

I found that

Request.ServerVariables["LOGON_USER"]

stores newly logged user identity, but why User.Identity isn't changing?

score 1 · Answer 1 · answered Nov 06 '14 at 11:17

Step 1:Open Web.config file and make following modifications:

<!—
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
-->

<authentication mode="Windows" />

Step 2:By default MVC apps uses Form Authentication and Simple Membership, so you need to make it ‘false’ in order to run Windows Authentication.

<appSettings>
  <add key="webpages:Version" value="2.0.0.0" />
  <add key="webpages:Enabled" value="false" />
  <add key="PreserveLoginUrl" value="true" />
  <add key="ClientValidationEnabled" value="true" />
  <add key="UnobtrusiveJavaScriptEnabled" value="true" />

  <add key="autoFormsAuthentication" value="false" />
  <add key="enableSimpleMembership" value="false"/>

</appSettings>

Step 3:Select project name in solution explorer and then in the property explorer, click to enable the Windows Authentication.

Step 4:In the property explorer you can disable the Anonymous Authentication if you want your complete website for authenticated users on development server.

Reference

Thank you, you're right it's all required. But I have all these settings properly set... — Arkadiusz Kałkus, Nov 06 '14 at 11:33

Sign in as different user in ASP.MVC is not changing user identity

1 Answers1