Difference between System.Web.HttpContext.Current.User.Identity.Name and System.Threading.Thread.Cur

Discussion in 'ASP .Net Security' started by jeremy.rice@alkermes.com, Nov 7, 2005.

  1. Guest

    Here's the dilemma:
    I have an ASP.NET web app on Windows 2003, IIS 6 that uses
    System.Web.HttpContext.Current.User.Identity.Name to display the user's
    name on the page. If Jimmy opens the page from his computer, his name
    gets displayed. Fine and dandy. However, when Ralph then opens the
    page, from Ralph's machine, it displays Jimmy's name. If I use
    System.Threading.Thread.CurrentPrincipal.Identity.Name, it displays the
    correct names. I have never seen this before and could cause me some
    serious headaches, considering I have been using
    System.Web.HttpContext.Current.User.Identity.Name in all of my web
    apps.

    Can anyone shed some light/solution on the problem?

    Thanks in advance,
    Jeremy
     
    , Nov 7, 2005
    #1
    1. Advertising

  2. Hello ,

    hmm - ASP.NET tries to sync those both values - are you handling events in
    the pipeline like AuthenticateRequest? If yes, what are you doing there?

    Context.User is the "right" place - you must be messing it up somewhere...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Here's the dilemma:
    > I have an ASP.NET web app on Windows 2003, IIS 6 that uses
    > System.Web.HttpContext.Current.User.Identity.Name to display the
    > user's
    > name on the page. If Jimmy opens the page from his computer, his name
    > gets displayed. Fine and dandy. However, when Ralph then opens the
    > page, from Ralph's machine, it displays Jimmy's name. If I use
    > System.Threading.Thread.CurrentPrincipal.Identity.Name, it displays
    > the
    > correct names. I have never seen this before and could cause me some
    > serious headaches, considering I have been using
    > System.Web.HttpContext.Current.User.Identity.Name in all of my web
    > apps.
    > Can anyone shed some light/solution on the problem?
    >
    > Thanks in advance,
    > Jeremy
     
    Dominick Baier [DevelopMentor], Nov 7, 2005
    #2
    1. Advertising

  3. Guest

    ME? Mess up? Never! heh heh

    Here's my code. All I'm doing is stripping off the domain and
    displaying it:

    Dim UserName As String =
    GetUserName(System.Web.HttpContext.Current.User.Identity.Name)
    Label.Text = UserName

    Public Shared Function GetUserName(ByVal UserName As String) As String
    If UserName.Length > 0 Then
    Return Mid(UserName, InStr(UserName, "\") + 1)
    Else
    Return UserName
    End If
    End Function

    Thanks,
    Jeremy
     
    , Nov 7, 2005
    #3
  4. Hello ,

    where lives this code, on a page? any code in global.asax or an httpmodule??

    web.config settings??


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > ME? Mess up? Never! heh heh
    >
    > Here's my code. All I'm doing is stripping off the domain and
    > displaying it:
    >
    > Dim UserName As String =
    > GetUserName(System.Web.HttpContext.Current.User.Identity.Name)
    > Label.Text = UserName
    >
    > Public Shared Function GetUserName(ByVal UserName As String) As String
    > If UserName.Length > 0 Then
    > Return Mid(UserName, InStr(UserName, "\") + 1)
    > Else
    > Return UserName
    > End If
    > End Function
    > Thanks,
    > Jeremy
     
    Dominick Baier [DevelopMentor], Nov 7, 2005
    #4
  5. Guest

    It's in the Page_Load on an .ascx page. I have so far narrowed it down
    to this, because if I put the code onto the parent .aspx page it works
    fine. It's really weird. Any ideas on why this would be? It's gonna be
    such a pain to have to put this code onto every page. What's the point
    of Web User Controls if they aren't going to work? *Sigh*

    The only code in the gloabal.asax is to catch runtime errors in the
    Application_Error Sub and send me an email.

    In the Web.config I'm impersonating with Windows Authentication.

    IIS is set to Windows Authentication, not Anonymous. The virtual
    directory is using its own Application Pool.

    And if System.Web.HttpContext.Current­.User.Identity.Name and
    System.Threading.Thread.Curren­tPrincipal.Identity.Name contain the
    same value by default (as I'm reading in the Microsoft documentation),
    why use one over the other?

    Thanks,
    Jeremy
     
    , Nov 8, 2005
    #5
  6. Hello ,

    the "normal" way is to do a Context.User.IsInRole.

    But there is also the PrincipalPermission and PrincipalPermissionAttribute,
    which is more common in WinForms/Console libraries - and they rely on Thread.CurrentPrincipal.

    ASP.NET supports both styles.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > It's in the Page Load on an .ascx page. I have so far narrowed it down
    > to this, because if I put the code onto the parent .aspx page it works
    > fine. It's really weird. Any ideas on why this would be? It's gonna be
    > such a pain to have to put this code onto every page. What's the point
    > of Web User Controls if they aren't going to work? *Sigh*
    >
    > The only code in the gloabal.asax is to catch runtime errors in the
    > Application Error Sub and send me an email.
    >
    > In the Web.config I'm impersonating with Windows Authentication.
    >
    > IIS is set to Windows Authentication, not Anonymous. The virtual
    > directory is using its own Application Pool.
    >
    > And if System.Web.HttpContext.Current­.User.Identity.Name and
    > System.Threading.Thread.Curren­tPrincipal.Identity.Name contain the
    > same value by default (as I'm reading in the Microsoft documentation),
    > why use one over the other?
    >
    > Thanks,
    > Jeremy
     
    Dominick Baier [DevelopMentor], Nov 8, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Giovanni Bassi
    Replies:
    0
    Views:
    651
    Giovanni Bassi
    Oct 20, 2003
  2. Dan Bart
    Replies:
    4
    Views:
    27,851
    Andrea D'Onofrio [MSFT]
    Dec 18, 2003
  3. nalbayo
    Replies:
    2
    Views:
    5,507
    Bruce Barker
    Nov 11, 2005
  4. Dan Bart

    Web.HttpContext.Current.User.Identity.Name is blank

    Dan Bart, Nov 20, 2003, in forum: ASP .Net Security
    Replies:
    4
    Views:
    594
    Andrea D'Onofrio [MSFT]
    Dec 18, 2003
  5. Antonio O''Neal
    Replies:
    3
    Views:
    788
    Bob Barrows
    Dec 2, 2009
Loading...

Share This Page