Security :: IIS7 Recycle Results In Context.User.Identity.IsAuthenticated = False?
Nov 22, 2010
I need an app pool recycle to be completely transparent to the users of my web app. I use ASP.NET 3.5 MVC 1.
Currently, upon an IIS 7 App Pool recycle all users logged into my web app are kicked out and are required to log back in (Context.User.Identity.IsAuthenticated is set to false). I employ SQL State Server, I use forms authentication and both are configured to use cookies. I was under the impression that .NET and/or IIS handles authentication of cookies.
However, every time the app pool is recycled Context.User.Identity.IsAuthenticated is set to false my users are kicked out and are required to log back in. I can see that the session id remains the same throughout logins, I can also view this session information in the database/state server.
Logon method:
[Code]....
Custom Controller Attribute:
[Code]....
WebConfig:
[Code]....
View 1 Replies
Similar Messages:
Sep 7, 2010
I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
Below the section of authentication in web config
[code]....
View 5 Replies
Mar 3, 2011
I am trying to create a httphandler which will intercept a sample pdf file which we have in our website. The httphandler works fine from within my development machine and even my locally published website that if I just try to connect to the test url: [URL] I will get sent to the invalid access page. So pushing it to our IIS6 machine when I try to go to the URL it serves up the PDF document. context.User.Identity.IsAuthenticated is always showing as true. I'm using forms authentication. below is the code I am using as the handler.
public void ProcessRequest(HttpContext context)
{
if (context.User.Identity.IsAuthenticated)
{
string SampleURL = context.Request.AppRelativeCurrentExecutionFilePath;
context.Response.Buffer = true;
context.Response.Clear();
using (FileStream fs = new FileStream(HttpContext.Current.Server.MapPath(SampleURL),FileMode.Open))
{
int length = (int)fs.Length;
byte[] buffer;
using (BinaryReader br = new BinaryReader(fs))
{
buffer = br.ReadBytes(length);
}
context.Response.Clear();
context.Response.Buffer = true;
context.Response.ContentType = "application/pdf";
context.Response.BinaryWrite(buffer);
context.Response.End();
}
}
else
{
context.Response.Redirect(
"~/Error/invalid_access.aspx");
}}
in web.config I have the following for form authentication:
<authentication mode="Forms">
<forms name="Sample.Web" loginUrl="~/Security/" defaultUrl="~/default.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
View 3 Replies
Jan 18, 2010
We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?
View 1 Replies
May 24, 2010
I have a page where, when the user has successfully logged in, I store some values in the session.
I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.
My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.
Why is this happening, and how can I fix it?
View 3 Replies
Jun 13, 2010
To avoid going to the Databse to get the user Id, Id like to append userId to the Context.User.Idenity.name field. This way I can split the returned string to get the UserId without going to the database.
Where can I do this when using the login controls?
Is there some event handler where I can add:
FormsAuthentication.SetAuthCookie(NamePlusUserID, false);
View 1 Replies
Feb 9, 2010
I am using forms authentication and have an issue with a particular browser using the remember me feature. For various reasons I want to support the opera browser that works with the nintendo dsi. I can use forms authentication with that browser just fine but when I use the remember me (cookie) feature I can get through the login but then calls to User.Identity.IsAuthenticated return false. If I do not check remember me it works fine. Initially I thought the browser didn't support cookies but it does. At least I can go to m.gmail.com and check their version of remember me and it works. I can exit the browser and come back in and m.gmail.com remembers me. Also I don't have problems with remember me on any other browser I have tried.
Is anyone aware of some specific browser issue that doesn't work with asp.net forms authentication? I am using asp.net mvc but I doubt that matters.
View 3 Replies
Apr 22, 2010
What is the best sequence order for Page.IsPostBack and User.Identity.IsAuthenticated? From what I have search for, this comes up most common:
If Not Page.IsPostBack Then
If User.Identity.IsAuthenticated Then
~Some kind of code~
End If
End If
Is this considered "best practice" or can the two items - Page.IsPostBack and User.Identity.IsAuthenticated -be split into their own sections so the fuctions of these can be independent of each other?I am trying to troubleshoot a placeholder that disappears from a master page when a content page button is pressed to change the content pages active view (I have a multiview w/ 5 views inside of it).
View 2 Replies
Dec 23, 2010
this works fine on my local site but as soon as i upload the site to my live server i get stem.NullReferenceException: Object reference not set to an instance of an object
on the first line of this:
if (!Page.User.Identity.IsAuthenticated)
{
pnlSignIn.Visible = true;
pnlSignOut.Visible = false;
}
View 1 Replies
Jan 2, 2010
this problem is baffling me. I have a custom class that all my pages inherit from
Public Class Page : Inherits Page
Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
Display Admin Controls (Buttons) '
[code]...
View 2 Replies
Oct 17, 2010
After setting the auth cookie using
FormsAuthentication.SetAuthCookie("myusername", False)
server.transfer("somepage.aspx") to open a web page.
Context.User.Identity.Name is found to be empty
But if I use
Response.Redirect("somepage.aspx")
Context.User.Identity.Name provides correct result.
I am aware of the differences between Response.Redirect and server.transfer. But exactly what is the reason behind this particular behaviour ?
View 1 Replies
Feb 21, 2011
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
View 3 Replies
Sep 30, 2010
When I am debugging an application in ASP.NET, after about ~5 minutes I get a NullRefEx coming from global.asax.cs regarding:
protected void Session_Start(Object sender, EventArgs e)
{
WindowsIdentity identity = null;
identity = (WindowsIdentity)(Context.User.Identity);
...
Context is Null at this point. I am a noob in ASP.NET with regards to Global.asax.cs. This code was written by another developer. EDIT: This is the code with HttpContext...
protected void Session_Start(Object sender, EventArgs e)
{
WindowsIdentity identity = null;
identity = (WindowsIdentity)(HttpContext.Current.User.Identity);
View 1 Replies
May 19, 2010
Our code relies on checking the Context.User.Identity value in the Global.asax Application AuthenticateRequest(...) method to retrieve some information about the logged in user. This works fine in classic mode but when I flip IIS to use the Integrated Pipeline "Context.User" comes back as null, but only intermittently.I have < authentication mode="Windows"> and only Windows Auth enabled in the Virtual Directory.
View 1 Replies
Jun 29, 2010
Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with windows authentication:
<location path="auth/windows">
<system.webServer>
<security>
[code]...
When I request the page, a normal Windows auth (NTLM/Negotiate) challenge response happens, and ultimately the page is returned.I have an HttpModule in which I handle the PostAuthorize event. As expected, this event is only raised once the challenge-response authentication has succeeded and access to the page has been authorized.However, the Request.IsAuthenticated property is false; and HttpContext.Current.User.Identity reflects an unauthenticated user (.Name returns the empty string). Interestingly, Request.ServerVariables["LOGON_USER"] does return the value of the authenticated Windows user.I'd have thought that once the user was authenticated (and authorized, for that matter), the request would reflect being authenticated; and the User / Identity for the request would have been properly set.
View 1 Replies
Mar 3, 2011
I have a number of ASP.NET (4.0) web applications that appear to leak (a small amount) of memory during each request. It is such a small amount, that for most use-cases, it will not grow to become a problem for weeks or even months at a time. I generally try to be good with closing any connections managed by the application, avoiding state-variables (or instance variables for my singleton), etc. My question is this - is this normal behavior for ASP.NET applications? I had turned off the default (IIS 7) behavior of recycling the app pool after 20 minutes of being idle. I do this since the application takes a few minutes to build its internal cache, and I want to avoid negatively impacting the user experience (and having them wait for the application to start when they issue the request).
View 1 Replies
Aug 23, 2010
I've got an ASP.NET MVC app running under IIS7. It's using the default in-proc session management, which, according to all that I read, should lose the users' session after an app pool recycle.It doesn't seem to be losing it though. Even an IIS reset doesn't lose the session.Has something changed in IIS7 that keeps the session alive?
View 1 Replies
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Dec 23, 2010
I have implemented Forms authentication in an ASP.NET MVC 2 website
By using <%: Page.User.Identity.Name %> on the Site.Master page I can display the userid of the logged in user.
I would like to use this value and display other information about the user that is stored in a User table in a MsSQL database, like:
<%: GetFirstname(Page.User.Identity.Name) %>
View 2 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Mar 4, 2010
Is there a simple way to just retrieve the user's name, and not the Domain name, when using this function:
string quizTaker = Page.User.Identity.Name.ToString();
Right now it returns "DOMAIN_NAMEUserName"
I would like to just use isolate and use the user's name, without the Domain name.
View 2 Replies
Oct 7, 2010
what is the use formsAuthentication.user.identity
is it one of the property of page
View 1 Replies
Jun 1, 2010
In the website we have several folders, some folders are accessible by anonymous users, others are accessible by members only, some by administrators or a both administrators and members can view this folder. Each folder contains some forms; these forms are based on the role as well. We'd like to add "user.identity" as to authenticate the user based on the user_id from table websit_ users.
However we are not sure , wither we need to specify each and every form, folder or this will be done automatically once authentication is applied. And where do we put the user.identity and what is the exact format of it. Do we include it in our Global.asax after the authentication part?! This is the code in global.asax:
[Code]....
View 1 Replies
Jan 1, 2010
On my master page i have a link button which should be visible only by Administrator or Supervisors roles.
So in the code behind file of the master page i have put the following code in page load event
[Code]....
but i am getting following error
The name 'User' does not exist in the current context
View 2 Replies
Apr 23, 2010
I wanted to be able, as an administrator, to create new users using the createuser wizard. When I use the wizard to add a new user, however, I end up logged in as that user, instead of as my admin account. How do I prevent from being logged in as the user I just created?
View 2 Replies
