Difference between System.Web.HttpContext.Current.User.Identity.Name and System.Threading.Thread.Cur

Discussion in 'ASP .Net Security' started by jeremy.rice, Nov 7, 2005.

  1. jeremy.rice

    jeremy.rice Guest

    Here's the dilemma:
    I have an ASP.NET web app on Windows 2003, IIS 6 that uses
    System.Web.HttpContext.Current.User.Identity.Name to display the user's
    name on the page. If Jimmy opens the page from his computer, his name
    gets displayed. Fine and dandy. However, when Ralph then opens the
    page, from Ralph's machine, it displays Jimmy's name. If I use
    System.Threading.Thread.CurrentPrincipal.Identity.Name, it displays the
    correct names. I have never seen this before and could cause me some
    serious headaches, considering I have been using
    System.Web.HttpContext.Current.User.Identity.Name in all of my web

    Can anyone shed some light/solution on the problem?

    Thanks in advance,
    jeremy.rice, Nov 7, 2005
    1. Advertisements

  2. Hello ,

    hmm - ASP.NET tries to sync those both values - are you handling events in
    the pipeline like AuthenticateRequest? If yes, what are you doing there?

    Context.User is the "right" place - you must be messing it up somewhere...
    Dominick Baier [DevelopMentor], Nov 7, 2005
    1. Advertisements

  3. jeremy.rice

    jeremy.rice Guest

    ME? Mess up? Never! heh heh

    Here's my code. All I'm doing is stripping off the domain and
    displaying it:

    Dim UserName As String =
    Label.Text = UserName

    Public Shared Function GetUserName(ByVal UserName As String) As String
    If UserName.Length > 0 Then
    Return Mid(UserName, InStr(UserName, "\") + 1)
    Return UserName
    End If
    End Function

    jeremy.rice, Nov 7, 2005
  4. Hello ,

    where lives this code, on a page? any code in global.asax or an httpmodule??

    web.config settings??
    Dominick Baier [DevelopMentor], Nov 7, 2005
  5. jeremy.rice

    jeremy.rice Guest

    It's in the Page_Load on an .ascx page. I have so far narrowed it down
    to this, because if I put the code onto the parent .aspx page it works
    fine. It's really weird. Any ideas on why this would be? It's gonna be
    such a pain to have to put this code onto every page. What's the point
    of Web User Controls if they aren't going to work? *Sigh*

    The only code in the gloabal.asax is to catch runtime errors in the
    Application_Error Sub and send me an email.

    In the Web.config I'm impersonating with Windows Authentication.

    IIS is set to Windows Authentication, not Anonymous. The virtual
    directory is using its own Application Pool.

    And if System.Web.HttpContext.CurrentĀ­.User.Identity.Name and
    System.Threading.Thread.CurrenĀ­tPrincipal.Identity.Name contain the
    same value by default (as I'm reading in the Microsoft documentation),
    why use one over the other?

    jeremy.rice, Nov 8, 2005
  6. Hello ,

    the "normal" way is to do a Context.User.IsInRole.

    But there is also the PrincipalPermission and PrincipalPermissionAttribute,
    which is more common in WinForms/Console libraries - and they rely on Thread.CurrentPrincipal.

    ASP.NET supports both styles.
    Dominick Baier [DevelopMentor], Nov 8, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.