Professional Web Applications Themes

Web.HttpContext.Current.User.Identity.Name is blank - ASP.NET

I am using an application which is a modification of IBuySpy Portal. It is using Forms authentication. Users login and their name is added to Context Then I use: Web.HttpContext.Current.User.Identity.Name to write audit trail as to what users do. Now recently on one of the activities I noticed that the Web.HttpContext.Current.User.Identity.Name was blank. Which should not have been possible? Can someone please tell me why this could have happened? And how I can prevent this? Thanks, db...

  1. #1

    Default Web.HttpContext.Current.User.Identity.Name is blank

    I am using an application which is a modification of IBuySpy Portal.
    It is using Forms authentication. Users login and their name is added
    to
    Context
    Then I use:

    Web.HttpContext.Current.User.Identity.Name

    to write audit trail as to what users do. Now recently on one of the
    activities I noticed that the

    Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    have been possible?

    Can someone please tell me why this could have happened? And how I can
    prevent this?



    Thanks,



    db
    Dan Bart Guest

  2. #2

    Default Re: Web.HttpContext.Current.User.Identity.Name is blank

    And it is put to the Context on every request i.e user is athenticated with
    forms auth and then in Application_AuthenticateRequest you populate the
    HttpContext with the Principal? I am asking because HttpContext is recreated
    for every request which means that user details must also.

    --
    Teemu Keiski
    MCP, Microsoft MVP (ASP.NET), AspInsiders member
    ASP.NET Forum Moderator, AspAlliance Columnist


    "Dan Bart" <dblist2003> wrote in message
    news:fa87ff30.0311191706.6105d46bposting.google.c om...
    > I am using an application which is a modification of IBuySpy Portal.
    > It is using Forms authentication. Users login and their name is added
    > to
    > Context
    > Then I use:
    >
    > Web.HttpContext.Current.User.Identity.Name
    >
    > to write audit trail as to what users do. Now recently on one of the
    > activities I noticed that the
    >
    > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    > have been possible?
    >
    > Can someone please tell me why this could have happened? And how I can
    > prevent this?
    >
    >
    >
    > Thanks,
    >
    >
    >
    > db

    Teemu Keiski Guest

  3. #3

    Default Re: Web.HttpContext.Current.User.Identity.Name is blank

    Yes it is put in the Context on every request in Global.asax.vb

    Thanks,

    db
    > And it is put to the Context on every request i.e user is athenticated with
    > forms auth and then in Application_AuthenticateRequest you populate the
    > HttpContext with the Principal? I am asking because HttpContext is recreated
    > for every request which means that user details must also.
    >
    > --
    > Teemu Keiski
    > MCP, Microsoft MVP (ASP.NET), AspInsiders member
    > ASP.NET Forum Moderator, AspAlliance Columnist
    >
    >
    > "Dan Bart" <dblist2003> wrote in message
    > news:fa87ff30.0311191706.6105d46bposting.google.c om...
    > > I am using an application which is a modification of IBuySpy Portal.
    > > It is using Forms authentication. Users login and their name is added
    > > to
    > > Context
    > > Then I use:
    > >
    > > Web.HttpContext.Current.User.Identity.Name
    > >
    > > to write audit trail as to what users do. Now recently on one of the
    > > activities I noticed that the
    > >
    > > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    > > have been possible?
    > >
    > > Can someone please tell me why this could have happened? And how I can
    > > prevent this?
    > >
    > >
    > >
    > > Thanks,
    > >
    > >
    > >
    > > db
    Dan Bart Guest

  4. #4

    Default Re: Web.HttpContext.Current.User.Identity.Name is blank

    Hi Dan,

    I notice this behaviour too but only after the initial authentication
    request. Subsequent requests contain the expected user name.

    --
    Cheers

    Pete

    XBOX Live Leagues & Tournaments
    [url]http://www.xboxracing.net/[/url]
    "Dan Bart" <dblist2003> wrote in message
    news:fa87ff30.0311191706.6105d46bposting.google.c om...
    > I am using an application which is a modification of IBuySpy Portal.
    > It is using Forms authentication. Users login and their name is added
    > to
    > Context
    > Then I use:
    >
    > Web.HttpContext.Current.User.Identity.Name
    >
    > to write audit trail as to what users do. Now recently on one of the
    > activities I noticed that the
    >
    > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    > have been possible?
    >
    > Can someone please tell me why this could have happened? And how I can
    > prevent this?
    >
    >
    >
    > Thanks,
    >
    >
    >
    > db

    Pete Guest

  5. #5

    Default Re: Web.HttpContext.Current.User.Identity.Name is blank

    To populate the LOGON_USER variable when you use any authentication mode
    other than None, you can deny access to the Anonymous user in the
    <authorization> section of the Web.config file and change the authentication
    mode other then None.

    NOTE: When you enable Anonymous authentication in conjunction with Windows
    authentication <or> if you grant access to the Anonymous user in the
    <authorization> section while you are using any authentication mode other
    than None, other server variables such as AUTH_USER and REMOTE_USER (as well
    as the HttpContext.Current.User.Identity.Name property) also return an
    empty string. You can use the any of the above-mentioned resolutions to
    populate these variables.

    Please refer to this public article for any additional details:
    306359 PRB: Request.ServerVariables("LOGON_USER") Returns Empty String in
    [url]http://support.microsoft.com/?id=306359[/url]

    HtH,
    Andrea

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Pete" <pete denness a-t qsadotcodotuk> wrote in message
    news:%2361dtpUxDHA.1760TK2MSFTNGP10.phx.gbl...
    > Hi Dan,
    >
    > I notice this behaviour too but only after the initial authentication
    > request. Subsequent requests contain the expected user name.
    >
    > --
    > Cheers
    >
    > Pete
    >
    > XBOX Live Leagues & Tournaments
    > [url]http://www.xboxracing.net/[/url]
    > "Dan Bart" <dblist2003> wrote in message
    > news:fa87ff30.0311191706.6105d46bposting.google.c om...
    > > I am using an application which is a modification of IBuySpy Portal.
    > > It is using Forms authentication. Users login and their name is
    addedcontext that the code is running under. Context.User.Identity is the
    user that asp.net recognizes - and this is not always the same. In
    particular, if impersonation is off you'll get the app pool identity (or
    ASPNET in IIS5) for WindowsIdentity; User.Identity will give the user name
    regardless of impersonation.
    > > to
    > > Context
    > > Then I use:
    > >
    > > Web.HttpContext.Current.User.Identity.Name
    > >
    > > to write audit trail as to what users do. Now recently on one of the
    > > activities I noticed that the
    > >
    > > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    > > have been possible?
    > >
    > > Can someone please tell me why this could have happened? And how I can
    > > prevent this?
    > >
    > >
    > >
    > > Thanks,
    > >
    > >
    > >
    > > db
    >
    >

    Andrea D'Onofrio [MSFT] Guest

Similar Threads

  1. flow user identity to web service through httpcontext??
    By Kevin Yu in forum ASP.NET Web Services
    Replies: 1
    Last Post: July 14th, 09:29 PM
  2. HttpContext.Current.User.IsInRole
    By Julia in forum ASP.NET Security
    Replies: 2
    Last Post: April 6th, 05:50 PM
  3. How secure is HttpContext.Current.User.Identity.Name ?
    By Mark D. in forum ASP.NET Security
    Replies: 0
    Last Post: August 16th, 07:33 PM
  4. creating custom HttpContext.Current.User.Identity
    By dSchwartz in forum ASP.NET Security
    Replies: 6
    Last Post: February 21st, 10:40 AM
  5. HttpContext.Current.User vs. Thread.CurrentPrincipal
    By Michael Ames in forum ASP.NET Security
    Replies: 1
    Last Post: November 14th, 06:47 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139