Security :: HttpContext.Current.Request.LogonUserIdentity.Name Invalid After Rename?
Nov 30, 2010
I have IIS on S2k8 and a website with Windows Authentication only.
I can easily reproduce the following scenario, where HttpContext.Current.Request.LogonUserIdentity.Name has a bad value:
Login to website using FireFox, using an Active Directory account "user" (I could use IE to reproduce the same, but it's a few extra steps)Display <%=System.Web.HttpContext.Current.Request.LogonUserIdentity.Name%> on the pageIt shows "DOMAINuser", which is correctI go into Active Directory and rename the account to be "userX" instead of "user" (both SAMAccountName & UPN)Restart FireFoxLogin to website using "userX" accountThe page still shows "DOMAINuser", instead of the expected "DOMAINuserX"
It seems almost as if IIS has cached the old username and it's not showing me the new one, even though I explicitly enter it in the login prompt.
View 6 Replies
Similar Messages:
Nov 30, 2010
I was/am struggling with security for my first MVC applicaiton. It worked out great for me, but not for my users. I wanted to use Windows Authentication (and I seem to have that working). But when I was still trying to implement it, I was on one of our users computers where they were logged in. I navigated to the main Index page and used the supplied MVC login link and *MY* credentials. So now every time that user navigates to that page, it logs her in as me. We are using IE8, I have deleted all the cookies, passwords, forms information I can fine through Tools|Internet Options|Tool|Content|AutoComplete.
View 6 Replies
Apr 28, 2010
Why does HttpContext.Current.Request.Url.Host return a different URL than the URL used in the Web browser? For example, when entering "www.someurl.com" in the browser, the HttpContext.Current.Request.Url.Host variable is equal to "www.someotherurl.com".
View 1 Replies
Feb 1, 2010
I've got an ASP .Net application running on IIS7. I'm using the current url that the site is running under to set some static properties on a class in my application. To do this, I'm getting the domain name using this (insde the class's static constructor):
var host = HttpContext.Current.Request.Url.Host;
And it works fine on my dev machine (windows XP / Cassini). However, when I deploy to IIS7, I get an exception: "Request is not available in this context".
I'm guessing this is because I'm using this code in the static constructor of an object, which is getting executed in IIS before any requests come in; and Cassini doesn't trigger the static constructor until a request happens. Now, I didn't originally like the idea of pulling the domain name from the Request for this very reason, but it was the only place I found it =)
So, does anyone know of another place that I can get the host domain name? I'm assuming that ASP .Net has got to be aware of it at some level independent of HttpRequests, I just don't know how to access it.
View 3 Replies
Jul 28, 2010
In an asynchronous process, I need to get the name of the domain/server the web application is running on. But in that situation HttpContext.Current is not available, so I cant use HttpContext.Current.Request.ServerVariables("SERVER_NAME").
View 7 Replies
Apr 15, 2010
I have various web pages that need to build up a URL to display or place it in an emitted email message. The code I inherited had this value for the name of the webserver in a Public Const in a Public Class called FixedConstants. For example:
Public Const cdServerName As String = "WEBSERVERNAME"
Trying to improve on this, I wrote this:
Public Class UIFunction
Public Shared myhttpcontext As HttpContext
Public Shared Function cdWebServer() As String
Dim s As New StringBuilder("http://")
Dim h As String
h = String.Empty
Try
h = Current.Request.ServerVariables("REMOTE_HOST").ToString()
Catch ex As Exception
Dim m As String
m = ex.Message.ToString() 'Ignore this should-not-occur thingy
End Try
If h = String.Empty Then
h = "SomeWebServer"
End If
s.Append(h)
s.Append("/")
Return s.ToString()
End Function
I've tried different things while debugging such as HttpContext.Current.Request.UserHostName and I always get an empty string which pumps out my default string "SomeWebServer". I know Request.UserHostName or Request.ServerVariables("REMOTE_HOST") works when invoked from a page but why does this return empty when invoked from a called method of a class file (i.e. UIFunction.vb)?
View 2 Replies
Oct 6, 2010
When user requests http://localhost/WebApp1/Default.aspx, txtApplicationPath.Text should be assigned "/WebApp1", while txtAbsolutePath.Text should be assigned "http://localhost/WebApp1/Default.aspx", but instead both textboxes display empty strings.
[code]...
View 1 Replies
Feb 24, 2011
I have one IIS entry with AppPool integrated mode. There are 5 or more host headers assigned. The application pulls data based on the host name from Request.Url.Host. When I have 2 or more sites open at the same time the value of the Request.Url.Host is the same across all the sites. About every 30 seconds it resets itself to the correct value from the last request and shows that value on the other sites. So ultimately the sites are loading the same data. The value in the HOST server variable is incorrect as well.
View 1 Replies
Sep 7, 2010
I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
Below the section of authentication in web config
[code]....
View 5 Replies
Jan 18, 2010
We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?
View 1 Replies
Feb 2, 2010
What are the differences (behind the scenes) between Page.User.Identity and Request.LogonUserIdentity? Not the differences in type, name, etc but the differences in how they're implemented behind the scenes (i.e. one calls windows xxx api and the other calls asp.net xxx api...).
View 1 Replies
Sep 29, 2010
I have an ashx handler that was working fine in VS2008 but when I upgraded to VS2010 (haven't gone back to VS2008 to double check though) and when I try to grab the value from HttpContext.Request.Params["update"] I get the following error:
+ ex {"A potentially dangerous Request.QueryString value was detected from the client (update="<SETIProducts><Produ...")."}
System.Exception {System.Web.HttpRequestValidationException}
View 3 Replies
Apr 9, 2010
We're migrating an application to use IIS7 integrated mode. In library code that is designed to work either within the context of an HTTP request or not, we commonly have code like this:
if (HttpContext.Current != null &&
HttpContext.Current.Request != null) {
// do something with HttpContext.Current.Request
} else {
// do equivalent thing without HttpContext..
}
But in IIS7 integrated mode the check for HttpContext.Current.Request throws an exception whenever this code is called from Application_Start.
protected void Application_Start(object sender, EventArgs e)
{
SomeLibrary.DoSomethingWithHttpContextCurrentDetection();
}
Results in:
System.Web.HttpException: Request is not available in this context
How can I detect whether the request is really available without wrapping these calls in an exception handler and taking action based on whether an exception is generated or not.
Looking at HttpContext in Reflector I see it has an internal bool HideRequestResponse field but it's internal so I can only get to it with reflection and that's fragile. Is there a more official/approved way to determine if it's ok to call HttpContext.Request?
This blog post about the subject says not to use HttpContext, but how, in generic library code, can you determine if it's ok to use HttpContext?
http://mvolo.com/blogs/serverside/archive/2007/11/10/Integrated-mode-Request-is-not-available-in-this-context-in-Application_5F00_Start.aspx
I'm using the work-around mentioned there which is to use Application_BeginRequest and an initialized field to only initialize once as part of BeginRequest, but that has to be done in every calling application whereas I'd prefer to make the library code more robust and handle this situation regardless of where it's called from.
View 4 Replies
Mar 11, 2010
I have a static class with serveral static methods. In these methods, I'm trying to access the current thread's context using HttpContext.Current. For example:
var userName = HttpContext.Current.User.Identity.Name;
However, when I do that, I receive a NullReferenceException, the infamous "Object reference not set to an instance of an object."
View 3 Replies
Feb 15, 2011
I am building a simple intranet site and want to get the employees user name, but when i use Request.LogonUserIdentity.Name , i keep getting the servers credentials and not the users. what am i doing wrong and is there a better way to do this.
View 1 Replies
Nov 23, 2010
i'm using an example in which i can fake the session.It's for use in a unittest of a mvc controller.In the test i create a controller and then i do this:
FakeHttpContext httpctx = new FakeHttpContext(null,null,null,null,mSessionItems );
ControllerContext ctx2 = new ControllerContext(httpctx,new RouteData(), target);
here mSessionItems is my session and target is my instance of a controller,and indeed, when i'm in a controller reading this.ControllerContext.HttpContext.Session, i have a session, great!but.... i also read the session outside the controller, and there i use HttpContext.Current.Session, and that is null (or actualy, the HttpContext.Current is null).
View 1 Replies
Nov 23, 2010
I have been experimenting with code that will clear all of the cookies in an HttpContext.Response.Initially, I used this:
DateTime cookieExpires = DateTime.Now.AddDays(-1);
for (int i = 0; i < HttpContext.Request.Cookies.Count; i++)
{
HttpContext.Response.Cookies.Add(
new HttpCookie(HttpContext.Request.Cookies[i].Name, null) { Expires = cookieExpires });
}
this will error with an OutOfMemoryException because the for loop never exits - each time you add a cookie to the Response, it also gets added to the `Request.
View 1 Replies
Apr 5, 2011
What is the difference between the three ASP.NET objects:
HttpContext.Current.Request
HttpContext.Request
Request
Are these exactly the same?
Edit 1
Do these objects behave differently inside global.asax/global.asax.vb and default.aspx/default.aspx.vb.
Edit 2
OK I'll try to be specific this time. Which of the following should I use:
' File: global.asax
Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As System.EventArgs)
If Request.Url.Port = 80 Then
'If HttpContext.Current.Request.Url.Port = 80 Then
[Code]...
View 2 Replies
Apr 4, 2011
I am trying to use curl to access 3rd party webservice, I used the following code which works well if I try it on my own linux server, the data is being sent ok, but the IIS on the 3rd party server returns an error.
$longdata is a long string of data, maybe over 1000 characters long the 3rd party has many working clients with various implementations so the problem is on my side. what do I need to add to the request in order to get this through ?
<?php
$c = curl_init();
// curl_setopt($c, CURLOPT_HTTPHEADER, array('Expect:'));
curl_setopt($c, CURLOPT_URL, 'http://XXX.com/test/index.asmx');
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$post = array('param1' => 'XXXX', "param2" => "Y", "Param3" => $long_data);
curl_setopt($c, CURLOPT_POSTFIELDS, $post);
$response = curl_exec($c);
echo $response;
/*
Response:
HTTP/1.1 100 Continue
HTTP/1.1 500 Internal Server Error
Date: Tue, 05 Apr 2011 14:11:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 100
Request format is invalid: multipart/form-data; boundary=----------------------------5d738237d9e0.
*/
?>
View 2 Replies
Aug 5, 2010
I'm wondering how HttpContext.Current gets assigned a unique instance for every request considering it's a static object?
View 2 Replies
Feb 5, 2010
Is it safe to always assume that HttpContext.Current will be non-null in Application_PreRequestHandlerExecute?
EDIT: Assuming ASP.NET webforms (not MVC).
View 2 Replies
May 4, 2010
As per title. I want to be able to save some data in a cache object but this object must be available to all users/sessions and can expire.What is the best method to achieve this in a asp.net web app?
View 2 Replies
Aug 20, 2010
I am getting HttpContext.Current.Session is null.Will this be a problem if we have application hosted in web farm.
View 1 Replies
Jan 20, 2011
I have some code that works fine when I need to delete some image files from a directory on my web server:
Dim ImageURL As String = dsImages.Tables(0).Rows(iImgRow).Item("ImageURL")
Dim physicalName = Server.MapPath(ImageURL)
oUpload.DeleteFileFromServer(physicalName, iAdid, iImgID)
.but I am running into a problem when a maintenance task running in a separate thread at set intervals determines that files like the above need to be deleted:
Dim ImageURL As String = dsImage.Tables(0).Rows(i - 1).Item("ImageURL")
Dim iImgID As Integer = dsImage.Tables(0).Rows(i - 1).Item("ImageId")
Dim physicalName As String = HttpContext.Current.Server.MapPath(ImageURL)
oUpload.DeleteFileFromServer(physicalName, iAdID, iImgID)
In this latter case, HttpContext.Current.Server.MapPath(ImageURL) has a value of Nothing.Is there a way to get the full path for this case?
View 1 Replies
Feb 12, 2011
For instance if I'm inside the Page_Load method and I want to get query string data I just do this:
public partial class Product_Detail : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
[code].....
View 4 Replies