Web.HttpContext.Current.User.Identity.Name is blank

Discussion in 'ASP .Net Security' started by Dan Bart, Nov 20, 2003.

  1. Dan Bart

    Dan Bart Guest

    I am using an application which is a modification of IBuySpy Portal.
    It is using Forms authentication. Users login and their name is added
    to
    Context
    Then I use:

    Web.HttpContext.Current.User.Identity.Name

    to write audit trail as to what users do. Now recently on one of the
    activities I noticed that the

    Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    have been possible?

    Can someone please tell me why this could have happened? And how I can
    prevent this?



    Thanks,



    db
    Dan Bart, Nov 20, 2003
    #1
    1. Advertising

  2. Dan Bart

    Teemu Keiski Guest

    And it is put to the Context on every request i.e user is athenticated with
    forms auth and then in Application_AuthenticateRequest you populate the
    HttpContext with the Principal? I am asking because HttpContext is recreated
    for every request which means that user details must also.

    --
    Teemu Keiski
    MCP, Microsoft MVP (ASP.NET), AspInsiders member
    ASP.NET Forum Moderator, AspAlliance Columnist


    "Dan Bart" <> wrote in message
    news:...
    > I am using an application which is a modification of IBuySpy Portal.
    > It is using Forms authentication. Users login and their name is added
    > to
    > Context
    > Then I use:
    >
    > Web.HttpContext.Current.User.Identity.Name
    >
    > to write audit trail as to what users do. Now recently on one of the
    > activities I noticed that the
    >
    > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    > have been possible?
    >
    > Can someone please tell me why this could have happened? And how I can
    > prevent this?
    >
    >
    >
    > Thanks,
    >
    >
    >
    > db
    Teemu Keiski, Nov 22, 2003
    #2
    1. Advertising

  3. Dan Bart

    Dan Bart Guest

    Yes it is put in the Context on every request in Global.asax.vb

    Thanks,

    db

    > And it is put to the Context on every request i.e user is athenticated with
    > forms auth and then in Application_AuthenticateRequest you populate the
    > HttpContext with the Principal? I am asking because HttpContext is recreated
    > for every request which means that user details must also.
    >
    > --
    > Teemu Keiski
    > MCP, Microsoft MVP (ASP.NET), AspInsiders member
    > ASP.NET Forum Moderator, AspAlliance Columnist
    >
    >
    > "Dan Bart" <> wrote in message
    > news:...
    > > I am using an application which is a modification of IBuySpy Portal.
    > > It is using Forms authentication. Users login and their name is added
    > > to
    > > Context
    > > Then I use:
    > >
    > > Web.HttpContext.Current.User.Identity.Name
    > >
    > > to write audit trail as to what users do. Now recently on one of the
    > > activities I noticed that the
    > >
    > > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    > > have been possible?
    > >
    > > Can someone please tell me why this could have happened? And how I can
    > > prevent this?
    > >
    > >
    > >
    > > Thanks,
    > >
    > >
    > >
    > > db
    Dan Bart, Dec 10, 2003
    #3
  4. Dan Bart

    Pete Guest

    Hi Dan,

    I notice this behaviour too but only after the initial authentication
    request. Subsequent requests contain the expected user name.

    --
    Cheers

    Pete

    XBOX Live Leagues & Tournaments
    http://www.xboxracing.net/
    "Dan Bart" <> wrote in message
    news:...
    > I am using an application which is a modification of IBuySpy Portal.
    > It is using Forms authentication. Users login and their name is added
    > to
    > Context
    > Then I use:
    >
    > Web.HttpContext.Current.User.Identity.Name
    >
    > to write audit trail as to what users do. Now recently on one of the
    > activities I noticed that the
    >
    > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    > have been possible?
    >
    > Can someone please tell me why this could have happened? And how I can
    > prevent this?
    >
    >
    >
    > Thanks,
    >
    >
    >
    > db
    Pete, Dec 18, 2003
    #4
  5. To populate the LOGON_USER variable when you use any authentication mode
    other than None, you can deny access to the Anonymous user in the
    <authorization> section of the Web.config file and change the authentication
    mode other then None.

    NOTE: When you enable Anonymous authentication in conjunction with Windows
    authentication <or> if you grant access to the Anonymous user in the
    <authorization> section while you are using any authentication mode other
    than None, other server variables such as AUTH_USER and REMOTE_USER (as well
    as the HttpContext.Current.User.Identity.Name property) also return an
    empty string. You can use the any of the above-mentioned resolutions to
    populate these variables.

    Please refer to this public article for any additional details:
    306359 PRB: Request.ServerVariables("LOGON_USER") Returns Empty String in
    http://support.microsoft.com/?id=306359

    HtH,
    Andrea

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Pete" <pete denness a-t qsadotcodotuk> wrote in message
    news:%...
    > Hi Dan,
    >
    > I notice this behaviour too but only after the initial authentication
    > request. Subsequent requests contain the expected user name.
    >
    > --
    > Cheers
    >
    > Pete
    >
    > XBOX Live Leagues & Tournaments
    > http://www.xboxracing.net/
    > "Dan Bart" <> wrote in message
    > news:...
    > > I am using an application which is a modification of IBuySpy Portal.
    > > It is using Forms authentication. Users login and their name is

    addedcontext that the code is running under. Context.User.Identity is the
    user that asp.net recognizes - and this is not always the same. In
    particular, if impersonation is off you'll get the app pool identity (or
    ASPNET in IIS5) for WindowsIdentity; User.Identity will give the user name
    regardless of impersonation.

    > > to
    > > Context
    > > Then I use:
    > >
    > > Web.HttpContext.Current.User.Identity.Name
    > >
    > > to write audit trail as to what users do. Now recently on one of the
    > > activities I noticed that the
    > >
    > > Web.HttpContext.Current.User.Identity.Name was blank. Which should not
    > > have been possible?
    > >
    > > Can someone please tell me why this could have happened? And how I can
    > > prevent this?
    > >
    > >
    > >
    > > Thanks,
    > >
    > >
    > >
    > > db

    >
    >
    Andrea D'Onofrio [MSFT], Dec 18, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Giovanni Bassi
    Replies:
    0
    Views:
    624
    Giovanni Bassi
    Oct 20, 2003
  2. Dan Bart
    Replies:
    4
    Views:
    27,766
    Andrea D'Onofrio [MSFT]
    Dec 18, 2003
  3. nalbayo
    Replies:
    2
    Views:
    5,474
    Bruce Barker
    Nov 11, 2005
  4. Replies:
    5
    Views:
    2,226
    Dominick Baier [DevelopMentor]
    Nov 8, 2005
  5. Antonio O''Neal
    Replies:
    3
    Views:
    774
    Bob Barrows
    Dec 2, 2009
Loading...

Share This Page