Web.HttpContext.Current.User.Identity.Name is blank

[Dan Bart]

I am using an application which is a modification of IBuySpy Portal.
It is using Forms authentication. Users login and their name is added
to
Context
Then I use:

Web.HttpContext.Current.User.Identity.Name

to write audit trail as to what users do. Now recently on one of the
activities I noticed that the

Web.HttpContext.Current.User.Identity.Name was blank. Which should not
have been possible?

Can someone please tell me why this could have happened? And how I can
prevent this?



Thanks,



db

[Teemu Keiski]

And it is put to the Context on every request i.e user is athenticated with
forms auth and then in Application_AuthenticateRequest you populate the
HttpContext with the Principal? I am asking because HttpContext is recreated
for every request which means that user details must also.

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist


"Dan Bart" <dblist2003@yahoo.com> wrote in message
news:fa87ff30.0311191706.6105d46b@posting.google.c om...

> I am using an application which is a modification of IBuySpy Portal.
> It is using Forms authentication. Users login and their name is added
> to
> Context
> Then I use:
>
> Web.HttpContext.Current.User.Identity.Name
>
> to write audit trail as to what users do. Now recently on one of the
> activities I noticed that the
>
> Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> have been possible?
>
> Can someone please tell me why this could have happened? And how I can
> prevent this?
>
>
>
> Thanks,
>
>
>
> db

[Dan Bart]

Yes it is put in the Context on every request in Global.asax.vb

Thanks,

db

> And it is put to the Context on every request i.e user is athenticated with
> forms auth and then in Application_AuthenticateRequest you populate the
> HttpContext with the Principal? I am asking because HttpContext is recreated
> for every request which means that user details must also.
>
> --
> Teemu Keiski
> MCP, Microsoft MVP (ASP.NET), AspInsiders member
> ASP.NET Forum Moderator, AspAlliance Columnist
>
>
> "Dan Bart" <dblist2003@yahoo.com> wrote in message
> news:fa87ff30.0311191706.6105d46b@posting.google.c om...

> > I am using an application which is a modification of IBuySpy Portal.
> > It is using Forms authentication. Users login and their name is added
> > to
> > Context
> > Then I use:
> >
> > Web.HttpContext.Current.User.Identity.Name
> >
> > to write audit trail as to what users do. Now recently on one of the
> > activities I noticed that the
> >
> > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> > have been possible?
> >
> > Can someone please tell me why this could have happened? And how I can
> > prevent this?
> >
> >
> >
> > Thanks,
> >
> >
> >
> > db

[Pete]

Hi Dan,

I notice this behaviour too but only after the initial authentication
request. Subsequent requests contain the expected user name.

--
Cheers

Pete

XBOX Live Leagues & Tournaments
[url]http://www.xboxracing.net/[/url]
"Dan Bart" <dblist2003@yahoo.com> wrote in message
news:fa87ff30.0311191706.6105d46b@posting.google.c om...

> I am using an application which is a modification of IBuySpy Portal.
> It is using Forms authentication. Users login and their name is added
> to
> Context
> Then I use:
>
> Web.HttpContext.Current.User.Identity.Name
>
> to write audit trail as to what users do. Now recently on one of the
> activities I noticed that the
>
> Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> have been possible?
>
> Can someone please tell me why this could have happened? And how I can
> prevent this?
>
>
>
> Thanks,
>
>
>
> db

[Andrea D'Onofrio [MSFT]]

To populate the LOGON_USER variable when you use any authentication mode
other than None, you can deny access to the Anonymous user in the
<authorization> section of the Web.config file and change the authentication
mode other then None.

NOTE: When you enable Anonymous authentication in conjunction with Windows
authentication <or> if you grant access to the Anonymous user in the
<authorization> section while you are using any authentication mode other
than None, other server variables such as AUTH_USER and REMOTE_USER (as well
as the HttpContext.Current.User.Identity.Name property) also return an
empty string. You can use the any of the above-mentioned resolutions to
populate these variables.

Please refer to this public article for any additional details:
306359 PRB: Request.ServerVariables("LOGON_USER") Returns Empty String in
[url]http://support.microsoft.com/?id=306359[/url]

HtH,
Andrea

--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Pete" <pete denness a-t qsadotcodotuk> wrote in message
news:%2361dtpUxDHA.1760@TK2MSFTNGP10.phx.gbl...

> Hi Dan,
>
> I notice this behaviour too but only after the initial authentication
> request. Subsequent requests contain the expected user name.
>
> --
> Cheers
>
> Pete
>
> XBOX Live Leagues & Tournaments
> [url]http://www.xboxracing.net/[/url]
> "Dan Bart" <dblist2003@yahoo.com> wrote in message
> news:fa87ff30.0311191706.6105d46b@posting.google.c om...

> > I am using an application which is a modification of IBuySpy Portal.
> > It is using Forms authentication. Users login and their name is

addedcontext that the code is running under. Context.User.Identity is the
user that asp.net recognizes - and this is not always the same. In
particular, if impersonation is off you'll get the app pool identity (or
ASPNET in IIS5) for WindowsIdentity; User.Identity will give the user name
regardless of impersonation.

> > to
> > Context
> > Then I use:
> >
> > Web.HttpContext.Current.User.Identity.Name
> >
> > to write audit trail as to what users do. Now recently on one of the
> > activities I noticed that the
> >
> > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
> > have been possible?
> >
> > Can someone please tell me why this could have happened? And how I can
> > prevent this?
> >
> >
> >
> > Thanks,
> >
> >
> >
> > db

>
>