Difference between System.Web.HttpContext.Current.User.Identity.Name and System.Threading.Thread.Cur

J

jeremy.rice

Here's the dilemma:
I have an ASP.NET web app on Windows 2003, IIS 6 that uses
System.Web.HttpContext.Current.User.Identity.Name to display the user's
name on the page. If Jimmy opens the page from his computer, his name
gets displayed. Fine and dandy. However, when Ralph then opens the
page, from Ralph's machine, it displays Jimmy's name. If I use
System.Threading.Thread.CurrentPrincipal.Identity.Name, it displays the
correct names. I have never seen this before and could cause me some
serious headaches, considering I have been using
System.Web.HttpContext.Current.User.Identity.Name in all of my web
apps.

Can anyone shed some light/solution on the problem?

Thanks in advance,
Jeremy
 
D

Dominick Baier [DevelopMentor]

Hello (e-mail address removed),

hmm - ASP.NET tries to sync those both values - are you handling events in
the pipeline like AuthenticateRequest? If yes, what are you doing there?

Context.User is the "right" place - you must be messing it up somewhere...
 
J

jeremy.rice

ME? Mess up? Never! heh heh

Here's my code. All I'm doing is stripping off the domain and
displaying it:

Dim UserName As String =
GetUserName(System.Web.HttpContext.Current.User.Identity.Name)
Label.Text = UserName

Public Shared Function GetUserName(ByVal UserName As String) As String
If UserName.Length > 0 Then
Return Mid(UserName, InStr(UserName, "\") + 1)
Else
Return UserName
End If
End Function

Thanks,
Jeremy
 
D

Dominick Baier [DevelopMentor]

Hello (e-mail address removed),

where lives this code, on a page? any code in global.asax or an httpmodule??

web.config settings??
 
J

jeremy.rice

It's in the Page_Load on an .ascx page. I have so far narrowed it down
to this, because if I put the code onto the parent .aspx page it works
fine. It's really weird. Any ideas on why this would be? It's gonna be
such a pain to have to put this code onto every page. What's the point
of Web User Controls if they aren't going to work? *Sigh*

The only code in the gloabal.asax is to catch runtime errors in the
Application_Error Sub and send me an email.

In the Web.config I'm impersonating with Windows Authentication.

IIS is set to Windows Authentication, not Anonymous. The virtual
directory is using its own Application Pool.

And if System.Web.HttpContext.Current­.User.Identity.Name and
System.Threading.Thread.Curren­tPrincipal.Identity.Name contain the
same value by default (as I'm reading in the Microsoft documentation),
why use one over the other?

Thanks,
Jeremy
 
D

Dominick Baier [DevelopMentor]

Hello (e-mail address removed),

the "normal" way is to do a Context.User.IsInRole.

But there is also the PrincipalPermission and PrincipalPermissionAttribute,
which is more common in WinForms/Console libraries - and they rely on Thread.CurrentPrincipal.

ASP.NET supports both styles.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,898
Latest member
BlairH7607

Latest Threads

Top