Security :: Get User Id In Session_Start Or Global.asax
Dec 6, 2010
I have a custom provider for authenticaiton that is HTTP Module-based. IIS authentication and web.config authentication is configure to 'None' and allow anonymous. When I probe for User.Identity.Name in Session_Start, it is empty. However User.Identity.Name works elswhere in the application as expected (returns the current user id). Is it possibly during Session_Start no authentication request has been issued, therefore there is no principal at this moment?
View 1 Replies
Similar Messages:
Sep 30, 2010
When I am debugging an application in ASP.NET, after about ~5 minutes I get a NullRefEx coming from global.asax.cs regarding:
protected void Session_Start(Object sender, EventArgs e)
{
WindowsIdentity identity = null;
identity = (WindowsIdentity)(Context.User.Identity);
...
Context is Null at this point. I am a noob in ASP.NET with regards to Global.asax.cs. This code was written by another developer. EDIT: This is the code with HttpContext...
protected void Session_Start(Object sender, EventArgs e)
{
WindowsIdentity identity = null;
identity = (WindowsIdentity)(HttpContext.Current.User.Identity);
View 1 Replies
Oct 31, 2010
what might be best suited to place in the Application_Start and Session_Start subroutines? I know when each subroutine is called. Application_Start when the first user first accesses the web application. Session_Start when a user opens a session with the application. But what code belongs in each of these subroutines. What should the code in each subroutine do?
View 2 Replies
Oct 6, 2010
I have a simple aspx Page, which html contains:
[Code]....
and code behind:
[Code]....
This is quite simple. When I press btn1, it sets correctly the Session Key. And this is then the issue arrives: When I press one of these buttons, this is the sequence of what happens:
Global.asax: Session_Start
MyPage.aspx: Page_Load » btnX_Click
So, everytime there is a PostBack, even before the Page loads, the session starts and generates a new Id. This way, I loose everything during the PostBack. My Session State configuration:
[Code]....
This is running on VS 2010 + V3.5, on IIS5.1. The Page header configuration is default.
View 6 Replies
Jan 6, 2011
I am using form authentication in my website. I have a scenario wherein the user is authenticated but the session has timed out. So, i would like to initialize some session variables in Session_Start of Global.asax (First i check if Request.IsAuthenticated=True). For that i required the name of the user who authenticated. On .aspx pages we can get it using Page.User.Identity.Name but how to get it in global.asax page.
View 1 Replies
Jun 1, 2010
In the website we have several folders, some folders are accessible by anonymous users, others are accessible by members only, some by administrators or a both administrators and members can view this folder. Each folder contains some forms; these forms are based on the role as well. We'd like to add "user.identity" as to authenticate the user based on the user_id from table websit_ users.
However we are not sure , wither we need to specify each and every form, folder or this will be done automatically once authentication is applied. And where do we put the user.identity and what is the exact format of it. Do we include it in our Global.asax after the authentication part?! This is the code in global.asax:
[Code]....
View 1 Replies
Jan 3, 2010
i want to display current loged in username by global.asax
View 6 Replies
Feb 11, 2011
I have (pretty much) the following code in my protected void Application_Error(object sender, EventArgs e) method in Global.asax....
Exception ex = Server.GetLastError();
if (ex is
System.Security.SecurityException)
Response.Redirect("Logon.aspx");
else
Response.Redirect("ErrorPage.aspx");
If I navigate to a page before I log on the exception is caught and I am redirected to Login.aspx as I would expect. However, this is only working when debugging using VS on my local machine.When uploaded to the live environment, the exception is not caught and the user is presented with "Security Exception - Request for principal permission failed."
View 1 Replies
Feb 22, 2011
What should be done if I want to redirect a user based on their ISO Codes?
And how should I detect a website user's IS Code in the first place? Like I know there are these server variables that we use to detect Client IP and all (HTTP_FORWARDED_FOR, REMOTE_ADDRESS, etc) but information about them on the many sites that I have read has got me confused about what to use. Like some say there can be comma separated IPs returned by HTTP_FORWARDED_X and out of those IPs , one is not sure which is the real IP and which are the proxy addresses. Also, that all the IP addresses in returned can be fake.
How to I fetch the REAL IP Address of a person? Like I only want to know what country a particular person is sitting so I can redirect the user accordingly. Secondly lets say a person is sitting in US then I want the user to be redirected to [URL] If a person is visiting my site from Germany, [URL] is the address that I want the person to be redirected to.Also if DE is the ISO Code then I want my GermanMaster.master page to load and if its US then I want that the USMaster.master should load.
So how do I fetch a user's not fake IP address, redirect a user based on that ISO code and then load a master page according to the ISO Code.
How do I go about it? I haven't ever worked with Global.asax before so clueless how to go about it all.
View 3 Replies
Jun 29, 2010
Here's my environment,Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727
IIS website uses MOSS 2007 "Team Site" template and has only IWA enabled. Web.config has Windows auth w/ Impersonation:
<authentication mode="Windows" />
<identity impersonate="true" />[code]...
I'm using the KerbS4U extension to create a new WindowsIdentity which is then used to create a WindowsPrincipal for the new/overriding user:[Code]....
These succeed and I set the new principal to HttpContext.Current.User & Thread.CurrentPrincipal without errors. I've defined both Application_AuthenticateRequest() and Application_PostAuthenticateRequest() functions in global.asax. These show the "new" Identity
in the HttpContext.Current.User & Thread.CurrentPrincipal, but the "Welcome <DOMAINusername>" in the upper-right menu of the default.aspx homepage itself still shows the name from the initial IWA!
I was able to get the "Welcome <name>" to reflect the new user only when using GenericIdentity and GenericPrincipal, but this is a problem as I need to use impersonation to backend services (which can be done using constrained delegation using KerbS4U).
View 2 Replies
Feb 1, 2010
My ASP.NET intranet web application uses Windows Authentication, and I would like to record the following details:
1) Windows ID
2) Session Start Time
3) Session Stop Time
4) URL being browsed to (optional)
I've got some basic code setup in "Session_Start" method of the Global.ASAX to log session start times (seen below), but that's it so far. I have the feeling this is a primitive approach and there are "better" ways of doing this. So I really have two questions:
1) Is this the right way to go about doing this? If not what are some other options?
2) If this is the right way, do I just need to drop some code in the "Session_End" method to record the time they exit, and thats a complete solution? Does this method always get called when they close the browser tab they have the site open in, or do they have to close the entire browser (I don't have logout functionality)? Any way users can skip over this session end method (or start for that case)?
Dim connsql As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("MyConnectionstring").ConnectionString)
Dim cmdsql As System.Data.SqlClient.SqlCommand = connsql.CreateCommand
cmdsql.CommandText = "BeginUserSession"
cmdsql.CommandType = Data.CommandType.StoredProcedure
Try
cmdsql.Parameters.Add("@windowsid", System.Data.SqlDbType.VarChar, 30, "windowsid")
cmdsql.Parameters("@windowsid").Value = Session("UserInfo").identity.name
If connsql.State <> System.Data.ConnectionState.Open Then connsql.Open()
cmdsql.ExecuteNonQuery()
connsql.Close()
Catch ex As Exception
Finally
If connsql.State <> Data.ConnectionState.Closed Then connsql.Close()
End Try
'Stored Proc records start time
View 3 Replies
Feb 8, 2011
I know there is a couple answered questions on here regarding "request scoped" globals, but I want to nit-pick on something specifically and maybe squeeze some extra enlightenment out of one or two of you.I have an ASP.NET C# Website and a static Dictionary of objects (loaded from DB once on Application start). Each page request will need to do a lookup in the Dictionary (based on a key derived from the request url/etc) and get the appropriate object.The issue is I'm trying to maximize efficiency by reducing the lookups to the Dictionary per Request. Doing just a single lookup within a Page itself is easy enough and I can pass the object to sub controls, etc too.. but global.asax is separate from the Page and it also needs to use the object (in Application_BeginRequest and Session_Start).
So is doing a Dictionary lookup once in Application_BeginRequest, once (when necessary) in Session_Start and once in the Page negligible speed wise, even if there are many requests coming in every second?I would like it if I could just have a Request scoped global variable that I can easily call upon.. the only one I see available though is HttpContext.Current.Items and that is a Dictionary itself.Am I beingridiculously nit-picky with my concern over efficiency? or will these milliseconds (nanoseconds?) get me in the long run when more and more requests are being made?
PS. I currently only have around 100 objects in the Dictionary although this may increase in the future.
View 2 Replies
Feb 26, 2010
how can we use global.asax in asp.net? and what is that?
View 4 Replies
Jun 20, 2010
Is it possible in the global.asax file on session_start to check if a url string exists and it it does insert the string into a sql database? The url would be something link http://www.mysite.com?campaign=january.
I would want to capture the january bit and put that in the database for each visitor that uses that url.
View 3 Replies
Jan 27, 2010
I want to make All Methods about Error handling in asp.net some one device me at using global.asax what is global.asax?
how can i use it ?
View 1 Replies
May 12, 2010
I have a hosting account on DailyRazor.com , i use Global.asax in my project to start a schedule process in Application_Start.When i just publish my website, and upload it, the Application_Start does not Fire, but when i upload the Global.asax to my host it gives an Error but the Applicaiton_Start Event fires up, and then i delete the Global.asax file and everything works.just wondering, What am doing wrong ? or why this meaningless thing happens?
View 2 Replies
Nov 4, 2010
I have a site with multiple domains pointing to it. I wanted to redirect all requests to main domain so I've created a method called RedirectToRealDomain("domain.com") to check and redirect all requests to my preferred domainAt the moment it lives on Session_Start but I am planing to move it to Application_BeginRequest event. As I understand Session_Start only raised when new session started but Application_BeginRequest raised on all requests. RedirectToRealDomain method doesn't do any DB lookups or anything expensive apart from comparing strings.
View 2 Replies
May 21, 2010
I want to set the Masterpage property in Global.asax.
This is what I have done but I get a NullReferenceException on the first line.
protected void Application_PreSendRequestContent(Object sender, EventArgs e)
{
System.Web.UI.Page page = System.Web.HttpContext.Current.Handler as System.Web.UI.Page;
if (Session["lang"] == "eng")
{
page.MasterPageFile = "SideMasterPageEng.master";
}
}
View 1 Replies
Jun 29, 2010
I am trying to check if the user belongs to someone's friendlist from the database and redirect him accordingly.I am doing this in a routehandler called by Global Asax.I just want to know how to get the username (from the login information) in the route handler class (or Global asax)I used this: string username = HttpContext.Current.User.Identity.Name; and very strangely, its assigning ".aspx" as the username!! ps: i did search for similar question but in vain.
View 1 Replies
Oct 19, 2010
I need replace double slashes in one slash. I am planning do this in Global.asax Application_BeginRequest event. Is it enough? or better do a http module?
UPD
Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
' Fires at the beginning of each request
[code]...
View 1 Replies
Feb 8, 2010
I was under the impression till now that Global.asax is used for application level events and it's a common file for all users. Then what does Session_Start event does in this file. If we have to create user session varaibles then Is this the write place to create those? If someone can kindly clear my confusion on this file and it's methods.
View 5 Replies
Oct 8, 2010
I'm trying to handle all my application exceptions inside the global.asax but from some reason it's not firing at all, i never tried to do it before so i guess i'm doing something wrong here...
here is the code inside the default.aspx page that throw the error:
[Code]....
View 6 Replies
Apr 19, 2010
I'm using the HttpRunTime.Cache.Add to create a routine that runs every 5 mins to post data out of my app to the main DB, and this works fine. However I also need to import some files from disk in this routine. I have my document directory set up in my web.config as a ~/ relative path and resolve this in normal controller actions using Server.MapPath(string). How can I do this in my Global.asax.cs code -when I try to access it, it throws an error?
View 3 Replies
Dec 29, 2010
I have a custom error handler in the global.asax's Application_Error method, when an error occurs I use the following code to transfer user to the error page:Server.Transfer("/Error/");
However without specifying the actual page name the code above breaks with "Error executing child request for /Error/" exception.So if I use Server.Transfer("/Error/Default.aspx") it works fine with no problems.Also using Response.Redirect("/Error/") works fine too, however we want to keep using Server.Transfer to retain URL displayed in the address bar when the error page is displayed so users can simply refresh the page to retry accessing the original offending URL.Would be grateful if anyone can comment on how to get the Server.Transfer method working without specifying the actual aspx page name.
View 1 Replies
Aug 26, 2010
I've got an website running on a third-party hosting server. Now I've got a few objects in global asax. But once in like 6 hours or so (didn't really check how long) the object gets reset to default values.Is this an problem in global asax that it reset's himself or is this the server on which I'm hosting?
View 3 Replies