This is really pretty simple but I was surprised not to find it in any one blog posting. It's easy to display the Application Pool account rather than the logged in user. Some articles said to turn on Impersonation, but that's often a bad idea for other reasons. This is what worked for me just now:
string username = "";
IPrincipal userIdentity = HttpContext.Current.User;
PrincipalContext context = new PrincipalContext(ContextType.Domain);
UserPrincipal userPrincipal =
if (userPrincipal != null)
username = userPrincipal.DisplayName;
I hope this helps someone; thanks!