Getting the NTLM Username into your Silverlight application

17 comments|Posted on December 7th, 2008

Sometimes you want to know the username of a user that's logged on to your domain. This specially the occasion for intranet applications. Let's assume we are building an intranet application because this is the only occasion where a NTLM username is valid I guess. There is no way we can get the NTLM Username directly from within Silverlight yet. So we have two options left: Client Side Javascript and Server Side scripting.

Client Side

Let's begin with the Client Side Javascript. At least we should start investigating it. The first piece of code I found makes use of ActiveX, see the following:

var wshshell=new ActiveXObject("wscript.shell");
var username=wshshell.ExpandEnvironmentStrings("%username%");

Sadly it throws an error, not a good start. Google again. Not many options left, most people just say it isn't possible. After a while I found the following:

var wshNetwork = new ActiveXObject("WScript.Network");
var username = WshNetwork.UserName;

But this also throws an error. So I guess we are left to the Server Side solution.

Server Side

So what we have left is Server Side scripting. We can again take different approaches like calling the server side through Ajax but I took the easy way, by just generating the NTLM Username into the HTML. We can make use of the InitParams to pass some startup parameters to the Silverlight control. The InitParams is a string that has comma-separated name-value pairs that are separated by the equals sign. So this could look like the following in HTML:

<param name="InitParams" value="name1=value1,name2=value2" />

What we do in the ASPX page where the Silverlight control is hosted, add the following code in the Page_Load:

1 if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
2   Silverlight1.InitParameters = string.Format("User.Identity.Name={0}", User.Identity.Name);

In Silverlight we can read this value in the App.xaml.cs.

1 private void Application_Startup(object sender, StartupEventArgs e)
2 {
3   string userName = e.InitParams["User.Identity.Name"];
4   this.RootVisual = new Page();
5 }

The generated HTML looks like the following:

<param name="InitParams" value="User.Identity.Name=DOMAINNAME\Username"></param>
  • Gravatar Bart Czernicki December 9th, 2008 at 00:10
    I have used the same solution, with the one difference is that I Base64 encoded the string (dunno about weird characters making it to Silverlight or not) and you can encrypt it to be more secure. I don't like leaving clear text uernames in the page as it comes down as a string over the network (Internet or Intranet).
  • Gravatar Mark Monster December 9th, 2008 at 22:21
    Good to read others have used the same solution already. I agree it's not safe, but it can made safe by encrypting the data.
  • Gravatar Aaron December 19th, 2008 at 23:23
    A SSL/HTTPS connection would be the best way to protect this data -- as anything else involves a key which would have either been sent to the client or embedded in the IL (which is viewable with tools such as reflector).
  • Gravatar Govardhan March 12th, 2009 at 08:51
    This work fine in the debug mode and not when i publish UserName is empty. Can you help me in this issue?

    - Govardhan
  • Gravatar Govardhan March 12th, 2009 at 08:52
    Let me know if any more details is req
  • Gravatar Mark Monster March 12th, 2009 at 09:00
    Ah, I guess you're publishing on IIS. When you right click on the specific application in IIS choose <b>properties</b>. Click the <b>Directory Security</b> tab. Under <b>Authentication and access control</b> click <b>Edit</b>. Is <b>Integrated Windows Authentication</b> checked?
  • Gravatar Greg March 12th, 2009 at 17:57
    does this mean I don't have to createa login form for my silverlight app and I can access underlying Active Directory info?
    Where is 'User' declared/defined in the following line?
    if (User != null &amp;&amp; User.Identity != null &amp;&amp; User.Identity.IsAuthenticated)
    Thanks!
  • Gravatar Mark Monster March 12th, 2009 at 18:54
    @Greg: This does only mean that the information that's exposed to the ASP.NET application, being the NTLM username can be passed to the Silverlight application. User is declared in your ASP.NET Page. This is the same user that's available in your ASP.NET application when users already logged on your domain access your ASP.NET application.
  • Gravatar krishna July 17th, 2009 at 18:20
    Can you provide any code sample for this example.
    I want to find the logged in user name in silverlight.

    My Silverlight app connect to SQL server using WCF &amp; LINQ. I am running a WCF service in anonymous mode. When I try to change this to ‘windows authentication’ to get the user credentials. It is not allowing me to change.

    Can you provide some sample example for your Server Side solution.
    Thank you very much for help.
  • Gravatar Mark Monster July 17th, 2009 at 19:43
    @Krishna for more details on how to this with WCF, please read my other article.

    Silverlight using WCF with Windows Authentication: http://mark.mymonster.nl/2009/05/12/silverlight-using-wcf-with-windows-authentication/
  • Gravatar Jay January 29th, 2010 at 19:29
    One question with your code - Silverlight1.InitParameters = string.Format("User.Identity.Name={0}", User.Identity.Name);

    Where do you get the reference to Silverlight1? I am sure it's a reference to the Silverlight Object, but how do you get that object from the server side?
  • Gravatar Mark Monster January 29th, 2010 at 20:14
    @Jay,

    This was the time when we still had a Serverside control to render the object html.
  • Gravatar Andrew August 19th, 2010 at 02:53
    Hi Mark

    I gather from your comments on 29th Jan 2010 (20:14) that this no longer works in SL3/SL4? Can you confirm? thanks
  • Gravatar Mark Monster September 13th, 2010 at 07:24
    Hi Andrew,

    It's true, the exact implementation will be difficult because the Silverlight server-control doesn't exist in ASP.NET anymore. But the concept, of filling initParams still works.
  • Gravatar Ricardo January 6th, 2011 at 00:03
    First I would like to congratulate the excellent work

    I'm trying to do something like in a intranet

    I'm developing an application in silverlight

    is it possible to get the username of the client's windows and use the same user name in a variable in sql?
  • Gravatar Mark Monster January 6th, 2011 at 09:59
    Hi Ricardo,

    You can use this example. With the exception that the server control to host Silverlight no longer exists. But if you are able to get the username inside the initParams, than the usage in a variable is almost peanuts.

    Please let me know if you need more help.
  • Gravatar Ricardo January 6th, 2011 at 15:12
    I tried using "string username = WindowsIdentity.GetCurrent (). Name.Substring (4);"

    works well but only for local machine.

    What I want is to get the username from the client

    the string that I quoted above does not work for the xaml.cs

    works only for CS file

    it is possible to collect through the server the username of the local machine?

    thanks
Gravatar
About me
I am Mark Monster, a Software Engineer specialized in Microsoft technology with a special interest for Silverlight and Windows Phone 7. In april 2010, Microsoft rewarded me with a MVP Award for Silverlight. Portret photo of Mark Monster
Tags
Get Microsoft Silverlight
History
Links