I am using an application which is a modification of IBuySpy Portal.
It is using Forms authentication. Users login and their name is added
to
Context
Then I use:
Web.HttpContext.Current.User.Identity.Name
to write audit trail as to what users do. Now recently on one of the
activities I noticed that the
Web.HttpContext.Current.User.Identity.Name was blank. Which should not
have been possible?
Can someone please tell me why this could have happened? And how I can
prevent this?
Thanks,
dbAnd it is put to the Context on every request i.e user is athenticated with
forms auth and then in Application_AuthenticateRequest you populate the
HttpContext with the Principal? I am asking because HttpContext is recreated
for every request which means that user details must also.
--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist
"Dan Bart" <dblist2003@.yahoo.com> wrote in message
news:fa87ff30.0311191706.6105d46b@.posting.google.c om...
> I am using an application which is a modification of IBuySpy Portal.
> It is using Forms authentication. Users login and their name is added
> to
> Context
> Then I use:
> Web.HttpContext.Current.User.Identity.Name
> to write audit trail as to what users do. Now recently on one of the
> activities I noticed that the
> Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> have been possible?
> Can someone please tell me why this could have happened? And how I can
> prevent this?
>
> Thanks,
>
> db
Yes it is put in the Context on every request in Global.asax.vb
Thanks,
db
> And it is put to the Context on every request i.e user is athenticated with
> forms auth and then in Application_AuthenticateRequest you populate the
> HttpContext with the Principal? I am asking because HttpContext is recreated
> for every request which means that user details must also.
> --
> Teemu Keiski
> MCP, Microsoft MVP (ASP.NET), AspInsiders member
> ASP.NET Forum Moderator, AspAlliance Columnist
>
> "Dan Bart" <dblist2003@.yahoo.com> wrote in message
> news:fa87ff30.0311191706.6105d46b@.posting.google.c om...
> > I am using an application which is a modification of IBuySpy Portal.
> > It is using Forms authentication. Users login and their name is added
> > to
> > Context
> > Then I use:
> > Web.HttpContext.Current.User.Identity.Name
> > to write audit trail as to what users do. Now recently on one of the
> > activities I noticed that the
> > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> > have been possible?
> > Can someone please tell me why this could have happened? And how I can
> > prevent this?
> > Thanks,
> > db
Hi Dan,
I notice this behaviour too but only after the initial authentication
request. Subsequent requests contain the expected user name.
--
Cheers
Pete
XBOX Live Leagues & Tournaments
http://www.xboxracing.net/
"Dan Bart" <dblist2003@.yahoo.com> wrote in message
news:fa87ff30.0311191706.6105d46b@.posting.google.c om...
> I am using an application which is a modification of IBuySpy Portal.
> It is using Forms authentication. Users login and their name is added
> to
> Context
> Then I use:
> Web.HttpContext.Current.User.Identity.Name
> to write audit trail as to what users do. Now recently on one of the
> activities I noticed that the
> Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> have been possible?
> Can someone please tell me why this could have happened? And how I can
> prevent this?
>
> Thanks,
>
> db
To populate the LOGON_USER variable when you use any authentication mode
other than None, you can deny access to the Anonymous user in the
<authorization> section of the Web.config file and change the authentication
mode other then None.
NOTE: When you enable Anonymous authentication in conjunction with Windows
authentication <or> if you grant access to the Anonymous user in the
<authorization> section while you are using any authentication mode other
than None, other server variables such as AUTH_USER and REMOTE_USER (as well
as the HttpContext.Current.User.Identity.Name property) also return an
empty string. You can use the any of the above-mentioned resolutions to
populate these variables.
Please refer to this public article for any additional details:
306359 PRB: Request.ServerVariables("LOGON_USER") Returns Empty String in
http://support.microsoft.com/?id=306359
HtH,
Andrea
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Pete" <pete denness a-t qsadotcodotuk> wrote in message
news:%2361dtpUxDHA.1760@.TK2MSFTNGP10.phx.gbl...
> Hi Dan,
> I notice this behaviour too but only after the initial authentication
> request. Subsequent requests contain the expected user name.
> --
> Cheers
> Pete
> XBOX Live Leagues & Tournaments
> http://www.xboxracing.net/
> "Dan Bart" <dblist2003@.yahoo.com> wrote in message
> news:fa87ff30.0311191706.6105d46b@.posting.google.c om...
> > I am using an application which is a modification of IBuySpy Portal.
> > It is using Forms authentication. Users login and their name is
addedcontext that the code is running under. Context.User.Identity is the
user that asp.net recognizes - and this is not always the same. In
particular, if impersonation is off you'll get the app pool identity (or
ASPNET in IIS5) for WindowsIdentity; User.Identity will give the user name
regardless of impersonation.
> > to
> > Context
> > Then I use:
> > Web.HttpContext.Current.User.Identity.Name
> > to write audit trail as to what users do. Now recently on one of the
> > activities I noticed that the
> > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> > have been possible?
> > Can someone please tell me why this could have happened? And how I can
> > prevent this?
> > Thanks,
> > db
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment