Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Web.HttpContext.Current.User.Identity.Name is blank

Reply
Thread Tools

Web.HttpContext.Current.User.Identity.Name is blank

 
 
Dan Bart
Guest
Posts: n/a
 
      11-20-2003
I am using an application which is a modification of IBuySpy Portal.
It is using Forms authentication. Users login and their name is added
to
Context
Then I use:

Web.HttpContext.Current.User.Identity.Name

to write audit trail as to what users do. Now recently on one of the
activities I noticed that the

Web.HttpContext.Current.User.Identity.Name was blank. Which should not
have been possible?

Can someone please tell me why this could have happened? And how I can
prevent this?



Thanks,



db
 
Reply With Quote
 
 
 
 
Teemu Keiski
Guest
Posts: n/a
 
      11-22-2003
And it is put to the Context on every request i.e user is athenticated with
forms auth and then in Application_AuthenticateRequest you populate the
HttpContext with the Principal? I am asking because HttpContext is recreated
for every request which means that user details must also.

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist


"Dan Bart" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I am using an application which is a modification of IBuySpy Portal.
> It is using Forms authentication. Users login and their name is added
> to
> Context
> Then I use:
>
> Web.HttpContext.Current.User.Identity.Name
>
> to write audit trail as to what users do. Now recently on one of the
> activities I noticed that the
>
> Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> have been possible?
>
> Can someone please tell me why this could have happened? And how I can
> prevent this?
>
>
>
> Thanks,
>
>
>
> db



 
Reply With Quote
 
 
 
 
Dan Bart
Guest
Posts: n/a
 
      12-10-2003
Yes it is put in the Context on every request in Global.asax.vb

Thanks,

db

> And it is put to the Context on every request i.e user is athenticated with
> forms auth and then in Application_AuthenticateRequest you populate the
> HttpContext with the Principal? I am asking because HttpContext is recreated
> for every request which means that user details must also.
>
> --
> Teemu Keiski
> MCP, Microsoft MVP (ASP.NET), AspInsiders member
> ASP.NET Forum Moderator, AspAlliance Columnist
>
>
> "Dan Bart" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > I am using an application which is a modification of IBuySpy Portal.
> > It is using Forms authentication. Users login and their name is added
> > to
> > Context
> > Then I use:
> >
> > Web.HttpContext.Current.User.Identity.Name
> >
> > to write audit trail as to what users do. Now recently on one of the
> > activities I noticed that the
> >
> > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> > have been possible?
> >
> > Can someone please tell me why this could have happened? And how I can
> > prevent this?
> >
> >
> >
> > Thanks,
> >
> >
> >
> > db

 
Reply With Quote
 
Pete
Guest
Posts: n/a
 
      12-18-2003
Hi Dan,

I notice this behaviour too but only after the initial authentication
request. Subsequent requests contain the expected user name.

--
Cheers

Pete

XBOX Live Leagues & Tournaments
http://www.xboxracing.net/
"Dan Bart" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I am using an application which is a modification of IBuySpy Portal.
> It is using Forms authentication. Users login and their name is added
> to
> Context
> Then I use:
>
> Web.HttpContext.Current.User.Identity.Name
>
> to write audit trail as to what users do. Now recently on one of the
> activities I noticed that the
>
> Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> have been possible?
>
> Can someone please tell me why this could have happened? And how I can
> prevent this?
>
>
>
> Thanks,
>
>
>
> db



 
Reply With Quote
 
Andrea D'Onofrio [MSFT]
Guest
Posts: n/a
 
      12-18-2003
To populate the LOGON_USER variable when you use any authentication mode
other than None, you can deny access to the Anonymous user in the
<authorization> section of the Web.config file and change the authentication
mode other then None.

NOTE: When you enable Anonymous authentication in conjunction with Windows
authentication <or> if you grant access to the Anonymous user in the
<authorization> section while you are using any authentication mode other
than None, other server variables such as AUTH_USER and REMOTE_USER (as well
as the HttpContext.Current.User.Identity.Name property) also return an
empty string. You can use the any of the above-mentioned resolutions to
populate these variables.

Please refer to this public article for any additional details:
306359 PRB: Request.ServerVariables("LOGON_USER") Returns Empty String in
http://support.microsoft.com/?id=306359

HtH,
Andrea

--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Pete" <pete denness a-t qsadotcodotuk> wrote in message
news:%(E-Mail Removed)...
> Hi Dan,
>
> I notice this behaviour too but only after the initial authentication
> request. Subsequent requests contain the expected user name.
>
> --
> Cheers
>
> Pete
>
> XBOX Live Leagues & Tournaments
> http://www.xboxracing.net/
> "Dan Bart" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > I am using an application which is a modification of IBuySpy Portal.
> > It is using Forms authentication. Users login and their name is

addedcontext that the code is running under. Context.User.Identity is the
user that asp.net recognizes - and this is not always the same. In
particular, if impersonation is off you'll get the app pool identity (or
ASPNET in IIS5) for WindowsIdentity; User.Identity will give the user name
regardless of impersonation.

> > to
> > Context
> > Then I use:
> >
> > Web.HttpContext.Current.User.Identity.Name
> >
> > to write audit trail as to what users do. Now recently on one of the
> > activities I noticed that the
> >
> > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> > have been possible?
> >
> > Can someone please tell me why this could have happened? And how I can
> > prevent this?
> >
> >
> >
> > Thanks,
> >
> >
> >
> > db

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
blank CD-R and blank DVD-R not recognized by Vista 64 Ultimate =?Utf-8?B?R3JlZyBLaXJrcGF0cmljaw==?= Windows 64bit 13 11-07-2007 12:23 PM
Intel 2200bg problems (Random blank screens) =?Utf-8?B?Y2hyaXNjb29rZTAwMA==?= Wireless Networking 4 06-02-2005 04:27 AM
Intel 2200bg Card problems (random blank screens) =?Utf-8?B?Q2hyaXMgQ29va2U=?= Wireless Networking 0 04-10-2005 09:15 PM
Show wireless networks window is blank Bob Wilcox Wireless Networking 0 01-06-2005 02:09 AM



Advertisments