Security :: Setting HttpApplication.Context.User Is Terribly Slow?
Mar 17, 2010
Does anyone have a clue why setting the Principal for the context would be so slow that a request times out? I have a custom HttpModule that subscribes to the "AuthenticateRequest" event. I have this call which works fine to create the Principal (which makes all the DB queries)
[Code]....
where context.User is source.Context.User where source is the HttpApplication.
View 2 Replies
Similar Messages:
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Jan 1, 2010
On my master page i have a link button which should be visible only by Administrator or Supervisors roles.
So in the code behind file of the master page i have put the following code in page load event
[Code]....
but i am getting following error
The name 'User' does not exist in the current context
View 2 Replies
Feb 7, 2010
I currently have a ProfileCommon enabled on my site and would like to know where I would start to transfer this ProfileCommon's context to a user's profile after he/she has logged in. Here is a snippet of how I have defined this ProfileCommon:
[Code]....
View 2 Replies
Jun 13, 2010
To avoid going to the Databse to get the user Id, Id like to append userId to the Context.User.Idenity.name field. This way I can split the returned string to get the UserId without going to the database.
Where can I do this when using the login controls?
Is there some event handler where I can add:
FormsAuthentication.SetAuthCookie(NamePlusUserID, false);
View 1 Replies
Nov 22, 2010
I need an app pool recycle to be completely transparent to the users of my web app. I use ASP.NET 3.5 MVC 1.
Currently, upon an IIS 7 App Pool recycle all users logged into my web app are kicked out and are required to log back in (Context.User.Identity.IsAuthenticated is set to false). I employ SQL State Server, I use forms authentication and both are configured to use cookies. I was under the impression that .NET and/or IIS handles authentication of cookies.
However, every time the app pool is recycled Context.User.Identity.IsAuthenticated is set to false my users are kicked out and are required to log back in. I can see that the session id remains the same throughout logins, I can also view this session information in the database/state server.
Logon method:
[Code]....
Custom Controller Attribute:
[Code]....
WebConfig:
[Code]....
View 1 Replies
Sep 18, 2010
How can I access the cache of one web application/domain from another web application/domain?Here is my scenario. I need to verify/check the existence of a certain object in one web application/domain's cache from another web application/domain.
View 1 Replies
Oct 25, 2010
Not sure if this falls under security but I figured since its about logging in it might. Anyway. I would like to know if my approach is good. I have set up a login, the Login method is under the User Class which uses validation to my own database (not ASPNETDB). I would also like to set values to that user to use on each page such as a simple label on the home page that says "Hello [UserName]". Code is below, should I separate the User values into a different class? Also once i go to another page (called Home.aspx) I would like to set an ASP Panel to have the username in it. I created a new instance of the User class in Home.aspx but unsure what I would need to go to get this to work. Should I have some LoadUser method after a successful login?
View 1 Replies
Mar 7, 2010
After a new user first registers at the website, I want to force them to first be approved by an admin before allowing them access to the full site. I created different roles in the ASP.net configuration tool that denies them access but the default setting allows them in. How do I go about this?
View 1 Replies
Oct 16, 2010
I have some pages that need user to sign in. If not, I need to redirect user to signin page. I know this can be done by using some code like"<system.web><authorization><deny users="?"/></authorization></system.web>" in web.config.
But can I just write some code to do the same function?
like in page load method, I can check whether user is sign in, if user is not signed in yet, how can I redirect user to the login page by using code? and how can I stop sending the content of the page to user?
View 3 Replies
Apr 9, 2010
i have an administrators page that gets a list of the users that are members of my site and i want to display their profile each time i clikc on the user name.
In order to do so, i use the following code:
[Code]....
This way, the last activity date is updated and the IsUserLogedOn property is set to true, without the user actually enter the application (since it is a calculated value that depends on the last activity date). As a result, each time i click a user name to view his profile, the user seems to be loged in.
View 2 Replies
Aug 13, 2010
Hey I have a XML Feed which is sometimes slow to connect to making my front page quite slow to load sometimes.I load it as follows Try
[Code]....
How Can I set a timer on these i.e give it 5 secs if it doesnt load, just forget it and go straight to catch for example
View 1 Replies
Sep 19, 2010
i have a problem with the users authentication on my site. I made <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputermyusername" if i request the page. So far as well. Now i want to login with a different username. Users are stored in an Active Directory. My questions: wich setting i have to do, that user's account and password checked by Active Directory? how can i force the system to make a new login? Logout doesn't work, i always see my on account.
View 1 Replies
Dec 23, 2010
I have develop a web application. I have put my web application in my server and user can access from any location.
My server regional and setting is English (US). Now my problem is
1) When user access to my system and his pc setting is English (UK), it will prompt and error
and after i debug i suspect it is because of Datetime conflict (dd/MM/yyyy and MM/dd/yyyy)
2) I cannot fix or limit my user to setting his/her pc regional setting to UK
So what can i do in my web application solve this issue?
(Can i write any code in my client side (.aspx) to convert or do standardization to US)
View 2 Replies
Mar 14, 2010
How would you troubleshoot a page that is rendering slowly in ASP.NET?
This issue is happening on only specific pages with a few user controls. Other pages work fine. Tracing has clarified that the issue is happening between "Begin Render" and "End Render".
View 3 Replies
Feb 16, 2011
I have developed a gridview which has 7,000 records with some filtering. However, theuser is compaining that it is too slow. It seems to me that if the records were stored in memory it would be much faster. This is caching, I think. Is that the case? Can you updaterecords this way? Can you cache with an Access database or do you have to use SQL Server? Can you think of any other ways to improve
View 11 Replies
Jul 21, 2010
I have a web application that authenticates against AD. On the first login attemt it takes roughly 30 seconds to login. On subsequent requests the login occurs almost immediatly. I've searched all over google and this forums and noticed several people with the problem and everyone seems to have a different solution of which none work for me.
[code]...
View 3 Replies
Apr 29, 2010
What are the differences between Membership.GetUser() and Context.User, and which is recommended for use in getting information about the current user?
View 2 Replies
Aug 23, 2010
I have an .aspx page with multiple .ascx (User Controls on it). One of the User controls is very slow in loading (calls a very slow webservice for the data.). Now, my question is how to render all the controls on the page (so the User can view those) and have a rotating icon for this control (slow one) (till it loads). I know, I need to bring AJAX into picture, but any clarification on that would help as I will be new to AJAX programming.
View 4 Replies
Jul 2, 2010
In application all sql connection close properly, Also when user log out its connection close still sql process memory increase in RAM and after some time Application slow down.
View 3 Replies
Jan 29, 2011
My web app has one main page, which is like a work bench. Within this work bench I have 3 placeholders that I load 3 different user controls into (only displaying one at a time). It works, and loads ok although it is very slow.
For instance; Each user control has a 'New' button. when I click this it takes anywhere from 3-10 seconds just to refresh the page, and display all the original default values.
I gues there is a lot of info being sent/returend to/from the server (The main workbench page, and the usercontol), but it still seems to be taking way too long. I have a customer using my application, and they have raised the issue, and have even experienced delays of around 30 seconds for simple tasks.
I have walked through my code with the debugger in vs2010 and nothing seems to take a long time. I have also used Firbug to try and find out what is going on, along with setting Trace="true" on the page to try and resolve the issue. Its all just numbers to me, I have no idea what is going on.
View 2 Replies
Oct 17, 2010
After setting the auth cookie using
FormsAuthentication.SetAuthCookie("myusername", False)
server.transfer("somepage.aspx") to open a web page.
Context.User.Identity.Name is found to be empty
But if I use
Response.Redirect("somepage.aspx")
Context.User.Identity.Name provides correct result.
I am aware of the differences between Response.Redirect and server.transfer. But exactly what is the reason behind this particular behaviour ?
View 1 Replies
Mar 3, 2011
I am trying to create a httphandler which will intercept a sample pdf file which we have in our website. The httphandler works fine from within my development machine and even my locally published website that if I just try to connect to the test url: [URL] I will get sent to the invalid access page. So pushing it to our IIS6 machine when I try to go to the URL it serves up the PDF document. context.User.Identity.IsAuthenticated is always showing as true. I'm using forms authentication. below is the code I am using as the handler.
public void ProcessRequest(HttpContext context)
{
if (context.User.Identity.IsAuthenticated)
{
string SampleURL = context.Request.AppRelativeCurrentExecutionFilePath;
context.Response.Buffer = true;
context.Response.Clear();
using (FileStream fs = new FileStream(HttpContext.Current.Server.MapPath(SampleURL),FileMode.Open))
{
int length = (int)fs.Length;
byte[] buffer;
using (BinaryReader br = new BinaryReader(fs))
{
buffer = br.ReadBytes(length);
}
context.Response.Clear();
context.Response.Buffer = true;
context.Response.ContentType = "application/pdf";
context.Response.BinaryWrite(buffer);
context.Response.End();
}
}
else
{
context.Response.Redirect(
"~/Error/invalid_access.aspx");
}}
in web.config I have the following for form authentication:
<authentication mode="Forms">
<forms name="Sample.Web" loginUrl="~/Security/" defaultUrl="~/default.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
View 3 Replies
Mar 28, 2011
I'm banging my head against a wall here... can't get to the bottom of this issue. I have code that works fine when debugging in visual studio but breaks when deployed to both IIS 6 and IIS 7.5. Basically, it uses Process and ProcessStartInfo to start a program
(a command line tool, exe) and redirect the output to the web page. It uses the username and password properties of the ProcessStartInfo class to run the exe tool as a specific user. The tool requires admin privelages so I need to run it as such, but certianly don't want to run the IIS service or the asp.net app pool under an admin context.
No exception occurs when run on IIS, but it does not work, when trying to run on IIS 6 I get this error dialog: "The application failed to initialize properly (0xc0000142). Click on ok to terminate the application." It's obviously a security/config issue, but what specifically is the culprit? For IIS 6, an application pool was created for this, runs under 'network service', as usual, but again the process being started by the system.diagnostics.process class is run under a different account, which is an administrator account. For IIS 7.5, same thing,an app pool was created, so it runs under the 'iis appPoolNameOfPool' context.
View 6 Replies
Sep 3, 2010
I have an ASP.NET 2.0 web app which calls a one way web method on a web service. This web method contacts remote servers and pulls back config information to confirm the state of new server builds (settings etc) and inserts the collected data into a SQL database. The web app is supposed to pass through the callers kerberos ticket to the web service and then again to the newly built server which is being checked, all via impersonation and delegation using the calling users administrator privileges.
The trouble is, I just can't get the web service to run under the callers context. I have the SPN's set up, delegation turned on in the active directory objects for the computer running the web app and service and the worker process domain user service account. I have windows authentication on and impersonation set to true in both the web app and service's web.config, integrated authentication in IIS, and IE settings are all ok. All has been checked out and passes the tests in DelegConfig, but it still won't work.
It appears that any data that's is written to the database is written under the context of the web pool service account, and not the calling users, plus along with the fact that I get access denied messages when trying to collect data from the server says impersonation isn't working. Also, is it possible to run the checks under the calling users context, but write to the database with the web pool identity service account without specifying the user details in the web config?? I am working in a secure environment and we must user windows based accounts only, no SQL accounts.
View 1 Replies