«

Here's the dilemma:
I have an ASP.NET web app on Windows 2003, IIS 6 that uses
System.Web.HttpContext.Current.User.Identity.Name to display the user's
name on the page. If Jimmy opens the page from his computer, his name
gets displayed. Fine and dandy. However, when Ralph then opens the
page, from Ralph's machine, it displays Jimmy's name. If I use
System.Threading.Thread.CurrentPrincipal.Identity. Name, it displays the
correct names. I have never seen this before and could cause me some
serious headaches, considering I have been using
System.Web.HttpContext.Current.User.Identity.Name in all of my web
apps.

Can anyone shed some light/solution on the problem?

Thanks in advance,
Jeremy

Hello ,

hmm - ASP.NET tries to sync those both values - are you handling events in
the pipeline like AuthenticateRequest? If yes, what are you doing there?

Context.User is the "right" place - you must be messing it up somewhere...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Here's the dilemma:
> I have an ASP.NET web app on Windows 2003, IIS 6 that uses
> System.Web.HttpContext.Current.User.Identity.Name to display the
> user's
> name on the page. If Jimmy opens the page from his computer, his name
> gets displayed. Fine and dandy. However, when Ralph then opens the
> page, from Ralph's machine, it displays Jimmy's name. If I use
> System.Threading.Thread.CurrentPrincipal.Identity. Name, it displays
> the
> correct names. I have never seen this before and could cause me some
> serious headaches, considering I have been using
> System.Web.HttpContext.Current.User.Identity.Name in all of my web
> apps.
> Can anyone shed some light/solution on the problem?
>
> Thanks in advance,
> Jeremy

ME? Mess up? Never! heh heh

Here's my code. All I'm doing is stripping off the domain and
displaying it:

Dim UserName As String =
GetUserName(System.Web.HttpContext.Current.User.Id entity.Name)
Label.Text = UserName

Public Shared Function GetUserName(ByVal UserName As String) As String
If UserName.Length > 0 Then
Return Mid(UserName, InStr(UserName, "\") + 1)
Else
Return UserName
End If
End Function

Thanks,
Jeremy

Hello ,

where lives this code, on a page? any code in global.asax or an httpmodule??

web.config settings??


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> ME? Mess up? Never! heh heh
>
> Here's my code. All I'm doing is stripping off the domain and
> displaying it:
>
> Dim UserName As String =
> GetUserName(System.Web.HttpContext.Current.User.Id entity.Name)
> Label.Text = UserName
>
> Public Shared Function GetUserName(ByVal UserName As String) As String
> If UserName.Length > 0 Then
> Return Mid(UserName, InStr(UserName, "\") + 1)
> Else
> Return UserName
> End If
> End Function
> Thanks,
> Jeremy

It's in the Page_Load on an .ascx page. I have so far narrowed it down
to this, because if I put the code onto the parent .aspx page it works
fine. It's really weird. Any ideas on why this would be? It's gonna be
such a pain to have to put this code onto every page. What's the point
of Web User Controls if they aren't going to work? *Sigh*

The only code in the gloabal.asax is to catch runtime errors in the
Application_Error Sub and send me an email.

In the Web.config I'm impersonating with Windows Authentication.

IIS is set to Windows Authentication, not Anonymous. The virtual
directory is using its own Application Pool.

And if System.Web.HttpContext.Current*.User.Identity.Name and
System.Threading.Thread.Curren*tPrincipal.Identity .Name contain the
same value by default (as I'm reading in the Microsoft documentation),
why use one over the other?

Thanks,
Jeremy

Hello ,

the "normal" way is to do a Context.User.IsInRole.

But there is also the PrincipalPermission and PrincipalPermissionAttribute,
which is more common in WinForms/Console libraries - and they rely on Thread.CurrentPrincipal.

ASP.NET supports both styles.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> It's in the Page Load on an .ascx page. I have so far narrowed it down
> to this, because if I put the code onto the parent .aspx page it works
> fine. It's really weird. Any ideas on why this would be? It's gonna be
> such a pain to have to put this code onto every page. What's the point
> of Web User Controls if they aren't going to work? *Sigh*
>
> The only code in the gloabal.asax is to catch runtime errors in the
> Application Error Sub and send me an email.
>
> In the Web.config I'm impersonating with Windows Authentication.
>
> IIS is set to Windows Authentication, not Anonymous. The virtual
> directory is using its own Application Pool.
>
> And if System.Web.HttpContext.Current*.User.Identity.Name and
> System.Threading.Thread.Curren*tPrincipal.Identity .Name contain the
> same value by default (as I'm reading in the Microsoft documentation),
> why use one over the other?
>
> Thanks,
> Jeremy