Where in User.Identity.Name gets a value in Login control?

Discussion in 'ASP .Net' started by Athena, Nov 29, 2007.

  1. Athena

    Athena Guest

    Hello,

    For a logging application I need to test the value of User.Identity.Name
    together with User.Identity.IsAuthenticated to direct the program flow. I
    tried Login.Authenticated, LoggedIn and Page_Load events. In all cases the
    value is returned as empty. Based on whether this value equal to "admin" I
    would like to make a CreateUserWizard control visible if the user is
    authenticated. I would appreciate if you give me a code example. Thank you.

    Athena
     
    Athena, Nov 29, 2007
    #1
    1. Advertising

  2. Athena

    Bryan Porter Guest

    Athena,

    Once the user has authenticated successfully through one of the log in
    controls, the (and this is from memory, so bear with me) User property of the
    current HttpContext instance should be populated. Depending on the membership
    provider you are using, HttpContext.Current.User.Identity should hold either
    a WindowsIdentity object or a GenericIdentity object.

    If they don't, the user can't have been authenticated, or you are using
    custom forms authentication (not one of the membership providers) and not
    setting the forms authentication ticket properly.

    Hope that helps.

    "Athena" wrote:

    > Hello,
    >
    > For a logging application I need to test the value of User.Identity.Name
    > together with User.Identity.IsAuthenticated to direct the program flow. I
    > tried Login.Authenticated, LoggedIn and Page_Load events. In all cases the
    > value is returned as empty. Based on whether this value equal to "admin" I
    > would like to make a CreateUserWizard control visible if the user is
    > authenticated. I would appreciate if you give me a code example. Thank you.
    >
    > Athena
    >
    >
     
    Bryan Porter, Nov 29, 2007
    #2
    1. Advertising

  3. Athena

    Wainage Guest

    Athena,

    I’ve looked at your code and your problem stems from a basic
    misunderstanding of ASP.NET’s “Forms†authentication. Since I am also a
    rookie programmer let me give you a brief break down of how it works.

    When a user clicks the login button on the login form the following sequence
    occurs:
    1. Username and Password are validated against the data store (XML, SQL etc)
    2. If valid and Authentication Ticket is created that contains the Username
    3. The Ticket is encrypted and passed into the pending Http Response
    4. The current page is “Refreshed†with a Response.Redirect (and the cookie
    is delivered to the browser)

    The user is now logged in and User.Identity.Name and User.Identity will now
    be populated. How? The following occurs:
    1. Http request begins (before the Page is even created)
    2. If the request contains a Authentication cookie it is decrypted (it does.
    Step 4 above)
    3. A user Principal is created containing the Username
    4. This Principal is assigned to the current Context (User.Identity.XXXX is
    now available)
    5. … rest of the request processing, page processing continues …

    This may look confusing at first but understanding it is vital in
    understanding how authentication in ASP.NET works.

    I’ve included a sample (unfortunately I only speak C# - but there is very
    little and it is well commented) that will provide the behavior you are
    looking for.

    The default.aspx page has a [LoginStatus] control as well as a [LoginView]
    to hide our controls from anonymous users. The [CreateUserWizard] control is
    part of the <loggedIn> template and visible is false.

    In Page_Load we check to see if the user is “adminâ€. If so
    [CreateUserWizard].Visible = true;

    To make it work, run the “Web Site Administration Toolâ€, enable security and
    add a “admin†and a couple of test users.

    I hope this lifts the fog.

    Wainage

    =============================================
    [default.aspx]
    -------------------------------------------------------------------------
    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs"
    Inherits="_Default" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <title>Untitled Page</title>
    </head>
    <body>
    <form id="form1" runat="server">
    <div>
    <asp:LoginStatus ID="LoginStatus1" runat="server" />
    </div>
    <div>
    <asp:LoginView ID="LoginView1" runat="server">
    <AnonymousTemplate>
    To Work on the site u need to log in
    </AnonymousTemplate>
    <LoggedInTemplate>
    <asp:CreateUserWizard ID="CreateUserWizard1" runat="server"
    Visible="false">
    <WizardSteps>
    <asp:CreateUserWizardStep ID="CreateUserWizardStep1"
    runat="server">
    </asp:CreateUserWizardStep>
    <asp:CompleteWizardStep ID="CompleteWizardStep1"
    runat="server">
    </asp:CompleteWizardStep>
    </WizardSteps>
    </asp:CreateUserWizard>
    <div>
    All Logged in users can see this ...
    </div>
    </LoggedInTemplate>
    </asp:LoginView>
    </div>
    </form>
    </body>
    </html>
    -------------------------------------------------------------------------
    protected void Page_Load(object sender, EventArgs e)
    {
    // the Wizard control is only shown when the user is Authenticated
    // so we need to find the control (this.CreateUserWizard1 does not
    work)
    // We ask LoginView to find the control
    CreateUserWizard wizard =
    (CreateUserWizard)LoginView1.FindControl("CreateUserWizard1");

    // did we find it?
    if (wizard != null) // Yes!
    {
    // check username
    if ("admin" == User.Identity.Name)
    wizard.Visible = true; // for "admin"
    else
    wizard.Visible = false; // for everyone else
    }
    }
    =============================================
    [login.aspx]
    -------------------------------------------------------------------------
    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="login.aspx.cs"
    Inherits="login" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <title>Untitled Page</title>
    </head>
    <body>
    <form id="form1" runat="server">
    <div>

    </div>
    <asp:Login ID="Login1" runat="server">
    </asp:Login>
    </form>
    </body>
    </html>
    =============================================
     
    Wainage, Nov 29, 2007
    #3
  4. The problem is that the authentication principal won't get set until the
    next request to the
    server. But you can use the "UserName" property on the Usercontrol
    within the LoggedIn event to identify the user.


    --
    Eliyahu Goldin,
    Software Developer
    Microsoft MVP [ASP.NET]
    http://msmvps.com/blogs/egoldin
    http://usableasp.net


    "Athena" <> wrote in message
    news:...
    > Hello,
    >
    > For a logging application I need to test the value of
    > User.Identity.Name together with User.Identity.IsAuthenticated to direct
    > the program flow. I tried Login.Authenticated, LoggedIn and Page_Load
    > events. In all cases the value is returned as empty. Based on whether this
    > value equal to "admin" I would like to make a CreateUserWizard control
    > visible if the user is authenticated. I would appreciate if you give me a
    > code example. Thank you.
    >
    > Athena
    >
     
    Eliyahu Goldin, Nov 29, 2007
    #4
  5. "Wainage" <> wrote in message
    news:...

    > When a user clicks the login button on the login form the following
    > sequence
    > occurs:
    > 1. Username and Password are validated against the data store (XML, SQL
    > etc)
    > 2. If valid and Authentication Ticket is created that contains the
    > Username
    > 3. The Ticket is encrypted and passed into the pending Http Response
    > 4. The current page is “Refreshed†with a Response.Redirect (and the
    > cookie
    > is delivered to the browser)


    Steps 1-3 all occur on the initial postback, and during that postback the
    User.Identity is not populated. Step 4 does not occur automatically. You can
    set a redirect url on the login control or manually redirect from the
    code-behind, but either way, the User.Identity is still not set for the
    initial postback. Your code works because you're checking User.Identity.Name
    in default.aspx, which is *after* the login. If I read the OP correctly, he
    wants to redirect from within the login page on the initial postback.

    As Eliyahu said, to check the username on the initial postback of the login
    page, you'll need to use the "Username" property of the login control.
     
    Scott Roberts, Nov 29, 2007
    #5
  6. Athena

    Ian Semmel Guest

    You can check in OnAuthenticate and do the authentication yourself eg

    protected void Login1_OnAuthenticate(object sender,
    AuthenticateEventArgs e)
    {

    MembershipUser user =
    Membership.GetUser(Login1.UserName, false);

    if (user == null)
    return;

    if (!user.IsApproved)
    {
    Login1.FailureText = "You have not yet been
    approved";
    Login1.FailureAction =
    LoginFailureAction.Refresh;
    e.Authenticated = false;
    }
    else
    {
    e.Authenticated = Membership.ValidateUser (
    Login1.UserName, Login1.Password );
    }

    }

    > -----Original Message-----
    > From: Athena [mailto:]
    > Posted At: Thursday, 29 November 2007 10:55 AM
    > Posted To: microsoft.public.dotnet.framework.aspnet
    > Conversation: Where in User.Identity.Name gets a value in Login
    > control?
    > Subject: Where in User.Identity.Name gets a value in Login control?
    >
    > Hello,
    >
    > For a logging application I need to test the value of
    > User.Identity.Name
    > together with User.Identity.IsAuthenticated to direct the program

    flow.
    > I
    > tried Login.Authenticated, LoggedIn and Page_Load events. In all cases
    > the
    > value is returned as empty. Based on whether this value equal to
    > "admin" I
    > would like to make a CreateUserWizard control visible if the user is
    > authenticated. I would appreciate if you give me a code example.

    Thank
    > you.
    >
    > Athena
     
    Ian Semmel, Nov 29, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Giovanni Bassi
    Replies:
    0
    Views:
    678
    Giovanni Bassi
    Oct 20, 2003
  2. nalbayo
    Replies:
    2
    Views:
    5,600
    Bruce Barker
    Nov 11, 2005
  3. David Turner

    HttpApplication.User.Identity.Name has old login id

    David Turner, Apr 29, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    262
    David Turner
    Apr 29, 2004
  4. Frederick D'hont
    Replies:
    0
    Views:
    341
    Frederick D'hont
    Jul 25, 2005
  5. Antonio O''Neal

    user.identity.name returns old AD user name

    Antonio O''Neal, Oct 31, 2008, in forum: ASP .Net Security
    Replies:
    5
    Views:
    2,310
    Antonio O''Neal
    Nov 3, 2008
Loading...

Share This Page