Click here to Skip to main content
15,868,016 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I have a windows forms based web application written on VB.NET and currently being used by a large number of users.

I currently am facing an issue where the application is being authenticated with an another user account instead of authenticating with the current user using the application.

I am using User.Identity.Name for user authentication and have only Windows Authentication enabled.


Other Details

The application is hosted in IIS on a windows 7 server machine from where it is accessible to everyone.

Strange thing is that the issue occurs only for 2 users and works fine for everyone else. Also it occurs only when using the hosted application(production url).

Observations
1) On debugging the application using the actual code on their local machines, their
respective user ids are fetched as expected.
2) Issue occurs in
- Chrome regular mode
- Chrome incognito mode
- Firefox regular mode
Issue doesnt occur in
- Firefox private mode

So I do not have a clue how to proceed here and what might be the root cause for the issue. Can anyone provide me some ideas to find the root cause of the issue and also a way to resolve it?

What I have tried:

I have made sure both Anonymous and Form Based modes of authentication are disabled.
Identity Impersonation is set to False.

I have also made sure there are no credentials set for the website in Credentials Manager.

I have also tried clearing browsing data including cache and other cookies.
Posted
Updated 14-Oct-20 21:19pm
v2
Comments
ZurdoDev 14-Oct-20 12:11pm    
What do you mean by " the application is being authenticated with an admin account instead?"
Member 14940951 15-Oct-20 2:57am    
@ZurdoDev,

When we access the website from a local machine, the expected result is that the application must be authenticated with the current logged in user. But here instead it is authenticated with a different user id (which is an admin account).

In my case, admin account is just another LDAP user account which is used in our daily services with more access rights than a normal user. It is also the account with which the Windows 7 server machine is logged on.

The application works fine as expected for everyone else except in case of the these 2 particular users.

This issue occurs to the above users only while accessing the hosted application(production url). When I debug the application via code locally on their machines, their respective user ids are fetched as expected.

I have also tried clearing the entire browsing data including cookies and cache.
ZurdoDev 15-Oct-20 7:11am    
How can you tell what account they are being logged in as?

The account has to come from somewhere. Do they have a shortcut that is set to run as a different account? Are you sure they are logged onto the machine the way you think they are?

There's no magic here, somewhere it's picking up that account or you have code that defaults when a user is not found, or something.
Member 14940951 15-Oct-20 12:13pm    
I have cross checked and they login with their respective user ids only. There is no shortcut that is set to run as a different account. Also there is no default case scenario set such as when a user is not found, it is filled with another user id.
ZurdoDev 15-Oct-20 12:17pm    
It's somewhere. You'll just have to keep looking.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900