Security :: HttpContext.Current.Request.LogonUserIdentity.Name Invalid After Rename?

Nov 30, 2010

I have IIS on S2k8 and a website with Windows Authentication only.

I can easily reproduce the following scenario, where HttpContext.Current.Request.LogonUserIdentity.Name has a bad value:

Login to website using FireFox, using an Active Directory account "user" (I could use IE to reproduce the same, but it's a few extra steps)Display <%=System.Web.HttpContext.Current.Request.LogonUserIdentity.Name%> on the pageIt shows "DOMAINuser", which is correctI go into Active Directory and rename the account to be "userX" instead of "user" (both SAMAccountName & UPN)Restart FireFoxLogin to website using "userX" accountThe page still shows "DOMAINuser", instead of the expected "DOMAINuserX"

It seems almost as if IIS has cached the old username and it's not showing me the new one, even though I explicitly enter it in the login prompt.

View 6 Replies


Similar Messages:

Security :: Wrong User Being Recognized By HttpContext.Current.Request.LogonUserIdentity.Name?

Nov 30, 2010

I was/am struggling with security for my first MVC applicaiton. It worked out great for me, but not for my users. I wanted to use Windows Authentication (and I seem to have that working). But when I was still trying to implement it, I was on one of our users computers where they were logged in. I navigated to the main Index page and used the supplied MVC login link and *MY* credentials. So now every time that user navigates to that page, it logs her in as me. We are using IE8, I have deleted all the cookies, passwords, forms information I can fine through Tools|Internet Options|Tool|Content|AutoComplete.

View 6 Replies

Where Is Origin Of HttpContext.Current.Request.Url.Host

Apr 28, 2010

Why does HttpContext.Current.Request.Url.Host return a different URL than the URL used in the Web browser? For example, when entering "www.someurl.com" in the browser, the HttpContext.Current.Request.Url.Host variable is equal to "www.someotherurl.com".

View 1 Replies

Get The Host Domain Name Without Using HttpContext.Current.Request?

Feb 1, 2010

I've got an ASP .Net application running on IIS7. I'm using the current url that the site is running under to set some static properties on a class in my application. To do this, I'm getting the domain name using this (insde the class's static constructor):

var host = HttpContext.Current.Request.Url.Host;

And it works fine on my dev machine (windows XP / Cassini). However, when I deploy to IIS7, I get an exception: "Request is not available in this context".

I'm guessing this is because I'm using this code in the static constructor of an object, which is getting executed in IIS before any requests come in; and Cassini doesn't trigger the static constructor until a request happens. Now, I didn't originally like the idea of pulling the domain name from the Request for this very reason, but it was the only place I found it =)

So, does anyone know of another place that I can get the host domain name? I'm assuming that ASP .Net has got to be aware of it at some level independent of HttpRequests, I just don't know how to access it.

View 3 Replies

Web Forms :: Get Server / Domain Name Without HttpContext.Current.Request.ServerVariables?

Jul 28, 2010

In an asynchronous process, I need to get the name of the domain/server the web application is running on. But in that situation HttpContext.Current is not available, so I cant use HttpContext.Current.Request.ServerVariables("SERVER_NAME").

View 7 Replies

HttpContext.Current.Request.UserHostName Is Empty When Called From A Class

Apr 15, 2010

I have various web pages that need to build up a URL to display or place it in an emitted email message. The code I inherited had this value for the name of the webserver in a Public Const in a Public Class called FixedConstants. For example:

Public Const cdServerName As String = "WEBSERVERNAME"

Trying to improve on this, I wrote this:

Public Class UIFunction
Public Shared myhttpcontext As HttpContext
Public Shared Function cdWebServer() As String
Dim s As New StringBuilder("http://")
Dim h As String
h = String.Empty
Try
h = Current.Request.ServerVariables("REMOTE_HOST").ToString()
Catch ex As Exception
Dim m As String
m = ex.Message.ToString() 'Ignore this should-not-occur thingy
End Try
If h = String.Empty Then
h = "SomeWebServer"
End If
s.Append(h)
s.Append("/")
Return s.ToString()
End Function

I've tried different things while debugging such as HttpContext.Current.Request.UserHostName and I always get an empty string which pumps out my default string "SomeWebServer". I know Request.UserHostName or Request.ServerVariables("REMOTE_HOST") works when invoked from a page but why does this return empty when invoked from a called method of a class file (i.e. UIFunction.vb)?

View 2 Replies

Asp.net - HttpContext.Current.Request.Url.AbsolutePath Return An Empty String?

Oct 6, 2010

When user requests http://localhost/WebApp1/Default.aspx, txtApplicationPath.Text should be assigned "/WebApp1", while txtAbsolutePath.Text should be assigned "http://localhost/WebApp1/Default.aspx", but instead both textboxes display empty strings.

[code]...

View 1 Replies

MVC :: HttpContext.Current.Request.Url.Host Not Correct When Using Host Headers In IIS 7.5

Feb 24, 2011

I have one IIS entry with AppPool integrated mode. There are 5 or more host headers assigned. The application pulls data based on the host name from Request.Url.Host. When I have 2 or more sites open at the same time the value of the Request.Url.Host is the same across all the sites. About every 30 seconds it resets itself to the correct value from the last request and shows that value on the other sites. So ultimately the sites are loading the same data. The value in the HOST server variable is incorrect as well.

View 1 Replies

Security :: Httpcontext.current.user.identity.isauthenticated Always False?

Sep 7, 2010

I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated

if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.

Below the section of authentication in web config

[code]....

View 5 Replies

Security :: HttpContext.Current.User.Identity.IsAuthenticated / Module Isn't Working

Jan 18, 2010

We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?

View 1 Replies

C# - Differences Between Page.User.Identity Versus Request.LogonUserIdentity

Feb 2, 2010

What are the differences (behind the scenes) between Page.User.Identity and Request.LogonUserIdentity? Not the differences in type, name, etc but the differences in how they're implemented behind the scenes (i.e. one calls windows xxx api and the other calls asp.net xxx api...).

View 1 Replies

Security :: HttpContext.Session A Potentially Dangerous Request.QueryString Value Was Detected?

Sep 29, 2010

I have an ashx handler that was working fine in VS2008 but when I upgraded to VS2010 (haven't gone back to VS2008 to double check though) and when I try to grab the value from HttpContext.Request.Params["update"] I get the following error:

+ ex {"A potentially dangerous Request.QueryString value was detected from the client (update="<SETIProducts><Produ...")."}
System.Exception {System.Web.HttpRequestValidationException}

View 3 Replies

C# - Workaround For HttpContext.HideRequestResponse Being Internal? Detect If HttpContext.Request Is Really Available?

Apr 9, 2010

We're migrating an application to use IIS7 integrated mode. In library code that is designed to work either within the context of an HTTP request or not, we commonly have code like this:

if (HttpContext.Current != null &&
HttpContext.Current.Request != null) {
// do something with HttpContext.Current.Request
} else {
// do equivalent thing without HttpContext..
}

But in IIS7 integrated mode the check for HttpContext.Current.Request throws an exception whenever this code is called from Application_Start.

protected void Application_Start(object sender, EventArgs e)
{
SomeLibrary.DoSomethingWithHttpContextCurrentDetection();
}

Results in:

System.Web.HttpException: Request is not available in this context

How can I detect whether the request is really available without wrapping these calls in an exception handler and taking action based on whether an exception is generated or not.

Looking at HttpContext in Reflector I see it has an internal bool HideRequestResponse field but it's internal so I can only get to it with reflection and that's fragile. Is there a more official/approved way to determine if it's ok to call HttpContext.Request?

This blog post about the subject says not to use HttpContext, but how, in generic library code, can you determine if it's ok to use HttpContext?

http://mvolo.com/blogs/serverside/archive/2007/11/10/Integrated-mode-Request-is-not-available-in-this-context-in-Application_5F00_Start.aspx

I'm using the work-around mentioned there which is to use Application_BeginRequest and an initialized field to only initialize once as part of BeginRequest, but that has to be done in every calling application whereas I'd prefer to make the library code more robust and handle this situation regardless of where it's called from.

View 4 Replies

Access The Current Thread's Context Using HttpContext.Current?

Mar 11, 2010

I have a static class with serveral static methods. In these methods, I'm trying to access the current thread's context using HttpContext.Current. For example:

var userName = HttpContext.Current.User.Identity.Name;

However, when I do that, I receive a NullReferenceException, the infamous "Object reference not set to an instance of an object."

View 3 Replies

Vb.net - Request.LogonUserIdentity.Name Returns Server Credential Not The Users Credential

Feb 15, 2011

I am building a simple intranet site and want to get the employees user name, but when i use Request.LogonUserIdentity.Name , i keep getting the servers credentials and not the users. what am i doing wrong and is there a better way to do this.

View 1 Replies

Difference Between ControllerContext.HttpContext.Session And HttpContext.Current.Session

Nov 23, 2010

i'm using an example in which i can fake the session.It's for use in a unittest of a mvc controller.In the test i create a controller and then i do this:

FakeHttpContext httpctx = new FakeHttpContext(null,null,null,null,mSessionItems );
ControllerContext ctx2 = new ControllerContext(httpctx,new RouteData(), target);

here mSessionItems is my session and target is my instance of a controller,and indeed, when i'm in a controller reading this.ControllerContext.HttpContext.Session, i have a session, great!but.... i also read the session outside the controller, and there i use HttpContext.Current.Session, and that is null (or actualy, the HttpContext.Current is null).

View 1 Replies

Relationship Between HttpContext.Request.Cookies And HttpContext.Response.Cookies

Nov 23, 2010

I have been experimenting with code that will clear all of the cookies in an HttpContext.Response.Initially, I used this:

DateTime cookieExpires = DateTime.Now.AddDays(-1);
for (int i = 0; i < HttpContext.Request.Cookies.Count; i++)
{
HttpContext.Response.Cookies.Add(
new HttpCookie(HttpContext.Request.Cookies[i].Name, null) { Expires = cookieExpires });
}

this will error with an OutOfMemoryException because the for loop never exits - each time you add a cookie to the Response, it also gets added to the `Request.

View 1 Replies

.net - Difference Between HttpContext.Request And Request?

Apr 5, 2011

What is the difference between the three ASP.NET objects:

HttpContext.Current.Request
HttpContext.Request
Request

Are these exactly the same?

Edit 1

Do these objects behave differently inside global.asax/global.asax.vb and default.aspx/default.aspx.vb.

Edit 2

OK I'll try to be specific this time. Which of the following should I use:

' File: global.asax
Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As System.EventArgs)
If Request.Url.Port = 80 Then
'If HttpContext.Current.Request.Url.Port = 80 Then

[Code]...

View 2 Replies

PHP Curl Request To IIS Results In Request Format Is Invalid?

Apr 4, 2011

I am trying to use curl to access 3rd party webservice, I used the following code which works well if I try it on my own linux server, the data is being sent ok, but the IIS on the 3rd party server returns an error.

$longdata is a long string of data, maybe over 1000 characters long the 3rd party has many working clients with various implementations so the problem is on my side. what do I need to add to the request in order to get this through ?

<?php
$c = curl_init();
// curl_setopt($c, CURLOPT_HTTPHEADER, array('Expect:'));
curl_setopt($c, CURLOPT_URL, 'http://XXX.com/test/index.asmx');
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$post = array('param1' => 'XXXX', "param2" => "Y", "Param3" => $long_data);
curl_setopt($c, CURLOPT_POSTFIELDS, $post);
$response = curl_exec($c);
echo $response;
/*

Response:

HTTP/1.1 100 Continue
HTTP/1.1 500 Internal Server Error
Date: Tue, 05 Apr 2011 14:11:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 100
Request format is invalid: multipart/form-data; boundary=----------------------------5d738237d9e0.
*/
?>

View 2 Replies

How To HttpContext.Current Work?

Aug 5, 2010

I'm wondering how HttpContext.Current gets assigned a unique instance for every request considering it's a static object?

View 2 Replies

Application_PreRequestHandlerExecute: Null HttpContext.Current?

Feb 5, 2010

Is it safe to always assume that HttpContext.Current will be non-null in Application_PreRequestHandlerExecute?

EDIT: Assuming ASP.NET webforms (not MVC).

View 2 Replies

HttpContext.Current / Cache Available To All Sessions

May 4, 2010

As per title. I want to be able to save some data in a cache object but this object must be available to all users/sessions and can expire.What is the best method to achieve this in a asp.net web app?

View 2 Replies

HttpContext.Current.Session Is Null

Aug 20, 2010

I am getting HttpContext.Current.Session is null.Will this be a problem if we have application hosted in web farm.

View 1 Replies

How To Use Server.MapPath When HTTPContext .Current Is Nothing

Jan 20, 2011

I have some code that works fine when I need to delete some image files from a directory on my web server:

Dim ImageURL As String = dsImages.Tables(0).Rows(iImgRow).Item("ImageURL")
Dim physicalName = Server.MapPath(ImageURL)
oUpload.DeleteFileFromServer(physicalName, iAdid, iImgID)

.but I am running into a problem when a maintenance task running in a separate thread at set intervals determines that files like the above need to be deleted:

Dim ImageURL As String = dsImage.Tables(0).Rows(i - 1).Item("ImageURL")
Dim iImgID As Integer = dsImage.Tables(0).Rows(i - 1).Item("ImageId")
Dim physicalName As String = HttpContext.Current.Server.MapPath(ImageURL)
oUpload.DeleteFileFromServer(physicalName, iAdID, iImgID)

In this latter case, HttpContext.Current.Server.MapPath(ImageURL) has a value of Nothing.Is there a way to get the full path for this case?

View 1 Replies

Why Does HttpContext.Current Need To Used Within A Class, But Not A Method

Feb 12, 2011

For instance if I'm inside the Page_Load method and I want to get query string data I just do this:

public partial class Product_Detail : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
[code].....

View 4 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved