HttpContext.Current.User doesn't persist in child app

[John Dalberg]

I am setting the HttpContext.Current.User in the
Application_AuthenticateRequest event in global.asax.cs. When I use the
IsInRole function in a web page, it works fine. So far so good. (Note that
Integrated security is used and anonymous is turned off.)

This app will actually work as a child app for an Intranet app so when I
remove the application designation in IIS for the child app folder,
IsInRole is always null, which is not good. I am thinking that httpcontext
being used is the one from the root app. Is there any way to use a
httpcontext in the child app that is set in the global.asax and can be used
anywhere?

Then I decided to use a session object to persist between requests. The
session object is not visible in the Application_AuthenticateRequest and
Application_BeginRequest events which fire every time. Session_Start is
fired only once during the creation of the session which is not suitable
for my requirement. Are there other events that fire for every request and
where session object can be used?

TIA

 

[Scott Allen]

Hi John:

See inline...

I am setting the HttpContext.Current.User in the
Application_AuthenticateRequest event in global.asax.cs. When I use the
IsInRole function in a web page, it works fine. So far so good. (Note that
Integrated security is used and anonymous is turned off.)

This app will actually work as a child app for an Intranet app so when I
remove the application designation in IIS for the child app folder,
IsInRole is always null, which is not good. I am thinking that httpcontext
being used is the one the root app.

This happens when you remove the application designation?

With the application designation ON, changes in the root application
won't be seen in the child application. These are seperate and
isolated applications with different Cache and Session collections,
etc.

Is there any way to use a
httpcontext in the child app that is set in the global.asax and can be used
anywhere?

No, to pass objects between these two applications, these two
appdomains - requires remoting. I don't think this is what you are
looking for.

Perhaps what you are looking for is a IHttpModule that can intercept
the AuthenticateRequest event and be installed in both applications?
http://msdn.microsoft.com/msdnmag/issues/02/05/asp/

Then I decided to use a session object to persist between requests. The
session object is not visible in the Application_AuthenticateRequest and
Application_BeginRequest events which fire every time. Session_Start is
fired only once during the creation of the session which is not suitable
for my requirement. Are there other events that fire for every request and
where session object can be used?

It really depends on what you need to do, but an event like
PreRequestHandlerExecute should work. Also, don't forget the Items
collection in the Context object. It won't span request but you can
shove state data into the collection and pull it out later in the
pipeline - including during Page events.

 

[John Dalberg]

Hi John:

See inline...



This happens when you remove the application designation?

With the application designation ON, changes in the root application
won't be seen in the child application. These are seperate and
isolated applications with different Cache and Session collections,
etc.

I am not changing anything in the root application. When I removed the app
designation of the child app, the httpconext that was set in the child's
global.asax.cs seems to be null in any page in the child app. The root
application is closed source and I have no access to its global.asax.cs.

No, to pass objects between these two applications, these two
appdomains - requires remoting. I don't think this is what you are
looking for.

I am not passing anything between the two. I need to persist data between
pages in the child app and the session object needs to be checked in every
request. I am putting user info coming from a database in the session
object and if a setting changes in the database, it needs to go into effect
rigth away as in the next request.

The only thing shared between the root app and child app is keeping track
who logged in into the root app. The root app takes care of session
expiration but the child app needs to know who's the currently logged in
user.

Perhaps what you are looking for is a IHttpModule that can intercept
the AuthenticateRequest event and be installed in both applications?
http://msdn.microsoft.com/msdnmag/issues/02/05/asp/



It really depends on what you need to do, but an event like
PreRequestHandlerExecute should work. Also, don't forget the Items
collection in the Context object. It won't span request but you can
shove state data into the collection and pull it out later in the
pipeline - including during Page events.

PreRequestHandlerExecute works and I am using it to save settings in the
session object. Now I have the same problem. Works fine if child app is a
standalone app but once I remove the app designation in IIS, the session is
null in the web page that's checking the session object. I figured maybe
asp.net doesn't use the Global object if the app is not configured as an
app but uses the parent's instead. I have a static method in the child's
global.asax.cs which gets used. I am not sure what is going on.
Does asp.net use only static methods from the child's global object and
everything else is from the parent's? I can't confirm this because I have
no access to the parent app's global object code.

 

[Guest]

Hi John,

In a web application, Application_* means application level functionality.
It can be common for different users. Hence you can’t get any user session
related info, including SessionState and User. HttpContext.Current.User and
Session objects can be only used in Session_* method or individual pages.

HTH

Elton Wang
(e-mail address removed)