Security :: User.Identity.Name In Global.asax
Jun 1, 2010
In the website we have several folders, some folders are accessible by anonymous users, others are accessible by members only, some by administrators or a both administrators and members can view this folder. Each folder contains some forms; these forms are based on the role as well. We'd like to add "user.identity" as to authenticate the user based on the user_id from table websit_ users.
However we are not sure , wither we need to specify each and every form, folder or this will be done automatically once authentication is applied. And where do we put the user.identity and what is the exact format of it. Do we include it in our Global.asax after the authentication part?! This is the code in global.asax:
[Code]....
View 1 Replies
Similar Messages:
Sep 30, 2010
When I am debugging an application in ASP.NET, after about ~5 minutes I get a NullRefEx coming from global.asax.cs regarding:
protected void Session_Start(Object sender, EventArgs e)
{
WindowsIdentity identity = null;
identity = (WindowsIdentity)(Context.User.Identity);
...
Context is Null at this point. I am a noob in ASP.NET with regards to Global.asax.cs. This code was written by another developer. EDIT: This is the code with HttpContext...
protected void Session_Start(Object sender, EventArgs e)
{
WindowsIdentity identity = null;
identity = (WindowsIdentity)(HttpContext.Current.User.Identity);
View 1 Replies
Dec 6, 2010
I have a custom provider for authenticaiton that is HTTP Module-based. IIS authentication and web.config authentication is configure to 'None' and allow anonymous. When I probe for User.Identity.Name in Session_Start, it is empty. However User.Identity.Name works elswhere in the application as expected (returns the current user id). Is it possibly during Session_Start no authentication request has been issued, therefore there is no principal at this moment?
View 1 Replies
Jan 3, 2010
i want to display current loged in username by global.asax
View 6 Replies
Feb 11, 2011
I have (pretty much) the following code in my protected void Application_Error(object sender, EventArgs e) method in Global.asax....
Exception ex = Server.GetLastError();
if (ex is
System.Security.SecurityException)
Response.Redirect("Logon.aspx");
else
Response.Redirect("ErrorPage.aspx");
If I navigate to a page before I log on the exception is caught and I am redirected to Login.aspx as I would expect. However, this is only working when debugging using VS on my local machine.When uploaded to the live environment, the exception is not caught and the user is presented with "Security Exception - Request for principal permission failed."
View 1 Replies
Feb 22, 2011
What should be done if I want to redirect a user based on their ISO Codes?
And how should I detect a website user's IS Code in the first place? Like I know there are these server variables that we use to detect Client IP and all (HTTP_FORWARDED_FOR, REMOTE_ADDRESS, etc) but information about them on the many sites that I have read has got me confused about what to use. Like some say there can be comma separated IPs returned by HTTP_FORWARDED_X and out of those IPs , one is not sure which is the real IP and which are the proxy addresses. Also, that all the IP addresses in returned can be fake.
How to I fetch the REAL IP Address of a person? Like I only want to know what country a particular person is sitting so I can redirect the user accordingly. Secondly lets say a person is sitting in US then I want the user to be redirected to [URL] If a person is visiting my site from Germany, [URL] is the address that I want the person to be redirected to.Also if DE is the ISO Code then I want my GermanMaster.master page to load and if its US then I want that the USMaster.master should load.
So how do I fetch a user's not fake IP address, redirect a user based on that ISO code and then load a master page according to the ISO Code.
How do I go about it? I haven't ever worked with Global.asax before so clueless how to go about it all.
View 3 Replies
Jun 29, 2010
Here's my environment,Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727
IIS website uses MOSS 2007 "Team Site" template and has only IWA enabled. Web.config has Windows auth w/ Impersonation:
<authentication mode="Windows" />
<identity impersonate="true" />[code]...
I'm using the KerbS4U extension to create a new WindowsIdentity which is then used to create a WindowsPrincipal for the new/overriding user:[Code]....
These succeed and I set the new principal to HttpContext.Current.User & Thread.CurrentPrincipal without errors. I've defined both Application_AuthenticateRequest() and Application_PostAuthenticateRequest() functions in global.asax. These show the "new" Identity
in the HttpContext.Current.User & Thread.CurrentPrincipal, but the "Welcome <DOMAINusername>" in the upper-right menu of the default.aspx homepage itself still shows the name from the initial IWA!
I was able to get the "Welcome <name>" to reflect the new user only when using GenericIdentity and GenericPrincipal, but this is a problem as I need to use impersonation to backend services (which can be done using constrained delegation using KerbS4U).
View 2 Replies
Feb 1, 2010
My ASP.NET intranet web application uses Windows Authentication, and I would like to record the following details:
1) Windows ID
2) Session Start Time
3) Session Stop Time
4) URL being browsed to (optional)
I've got some basic code setup in "Session_Start" method of the Global.ASAX to log session start times (seen below), but that's it so far. I have the feeling this is a primitive approach and there are "better" ways of doing this. So I really have two questions:
1) Is this the right way to go about doing this? If not what are some other options?
2) If this is the right way, do I just need to drop some code in the "Session_End" method to record the time they exit, and thats a complete solution? Does this method always get called when they close the browser tab they have the site open in, or do they have to close the entire browser (I don't have logout functionality)? Any way users can skip over this session end method (or start for that case)?
Dim connsql As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("MyConnectionstring").ConnectionString)
Dim cmdsql As System.Data.SqlClient.SqlCommand = connsql.CreateCommand
cmdsql.CommandText = "BeginUserSession"
cmdsql.CommandType = Data.CommandType.StoredProcedure
Try
cmdsql.Parameters.Add("@windowsid", System.Data.SqlDbType.VarChar, 30, "windowsid")
cmdsql.Parameters("@windowsid").Value = Session("UserInfo").identity.name
If connsql.State <> System.Data.ConnectionState.Open Then connsql.Open()
cmdsql.ExecuteNonQuery()
connsql.Close()
Catch ex As Exception
Finally
If connsql.State <> Data.ConnectionState.Closed Then connsql.Close()
End Try
'Stored Proc records start time
View 3 Replies
Feb 8, 2011
I know there is a couple answered questions on here regarding "request scoped" globals, but I want to nit-pick on something specifically and maybe squeeze some extra enlightenment out of one or two of you.I have an ASP.NET C# Website and a static Dictionary of objects (loaded from DB once on Application start). Each page request will need to do a lookup in the Dictionary (based on a key derived from the request url/etc) and get the appropriate object.The issue is I'm trying to maximize efficiency by reducing the lookups to the Dictionary per Request. Doing just a single lookup within a Page itself is easy enough and I can pass the object to sub controls, etc too.. but global.asax is separate from the Page and it also needs to use the object (in Application_BeginRequest and Session_Start).
So is doing a Dictionary lookup once in Application_BeginRequest, once (when necessary) in Session_Start and once in the Page negligible speed wise, even if there are many requests coming in every second?I would like it if I could just have a Request scoped global variable that I can easily call upon.. the only one I see available though is HttpContext.Current.Items and that is a Dictionary itself.Am I beingridiculously nit-picky with my concern over efficiency? or will these milliseconds (nanoseconds?) get me in the long run when more and more requests are being made?
PS. I currently only have around 100 objects in the Dictionary although this may increase in the future.
View 2 Replies
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Dec 23, 2010
I have implemented Forms authentication in an ASP.NET MVC 2 website
By using <%: Page.User.Identity.Name %> on the Site.Master page I can display the userid of the logged in user.
I would like to use this value and display other information about the user that is stored in a User table in a MsSQL database, like:
<%: GetFirstname(Page.User.Identity.Name) %>
View 2 Replies
Mar 4, 2010
Is there a simple way to just retrieve the user's name, and not the Domain name, when using this function:
string quizTaker = Page.User.Identity.Name.ToString();
Right now it returns "DOMAIN_NAMEUserName"
I would like to just use isolate and use the user's name, without the Domain name.
View 2 Replies
Oct 7, 2010
what is the use formsAuthentication.user.identity
is it one of the property of page
View 1 Replies
Jan 6, 2011
I am using form authentication in my website. I have a scenario wherein the user is authenticated but the session has timed out. So, i would like to initialize some session variables in Session_Start of Global.asax (First i check if Request.IsAuthenticated=True). For that i required the name of the user who authenticated. On .aspx pages we can get it using Page.User.Identity.Name but how to get it in global.asax page.
View 1 Replies
Apr 23, 2010
I wanted to be able, as an administrator, to create new users using the createuser wizard. When I use the wizard to add a new user, however, I end up logged in as that user, instead of as my admin account. How do I prevent from being logged in as the user I just created?
View 2 Replies
Feb 26, 2010
I'm in the middle of moving a web application from IIS6 to IIS7. I've enabled "Windows Authentication" and added <deny users="?" /> to the authorization section of my web.config file. When the app was running on IIS6 my users where able to access the web app without logging in because their windows login was automatically recognized. This does not seem to be the case in II7. I can not get a value for "Current.User.Identity.Name" in my ASP.Net code.
View 1 Replies
Mar 17, 2011
Once the client is logged in, do I have access to their GUID via something like
User.Identity.Name
View 2 Replies
Jul 29, 2010
I have an aspx page which displays a user's details in a Label. It takes their User.Identity.Name and queries Active Directory using the following code:
[Code]....
View 1 Replies
Feb 10, 2010
I have created an asp.net site with anonymous access turned off. Its for an internal (intranet) system which uses User.Identity.Name.ToString() to get the users login windows ID and then displays some records from a datagrid depending on their login ID. Is this secure? Also i am struggling to workout how best to store the result of User.Identity.Name.ToString() as I am not keen on storing it in a hidden text field and would rather not call it all the time unless this is the best way?
View 3 Replies
Jan 18, 2010
when ever i check User.Identity.AuthenticationType the returned string is 'Custom' always, doesn't matter my authentication type is 'Windows' or '''Forms'.
I want to do some different coding in aspx.cs for windows and forms authentication, but i am unable to differentiate between them because 'User.Identity.AuthenticationType' always returns 'Custom'.
View 3 Replies
Jun 13, 2010
To avoid going to the Databse to get the user Id, Id like to append userId to the Context.User.Idenity.name field. This way I can split the returned string to get the UserId without going to the database.
Where can I do this when using the login controls?
Is there some event handler where I can add:
FormsAuthentication.SetAuthCookie(NamePlusUserID, false);
View 1 Replies
Feb 26, 2010
how can we use global.asax in asp.net? and what is that?
View 4 Replies
Jun 20, 2010
Is it possible in the global.asax file on session_start to check if a url string exists and it it does insert the string into a sql database? The url would be something link http://www.mysite.com?campaign=january.
I would want to capture the january bit and put that in the database for each visitor that uses that url.
View 3 Replies
Sep 7, 2010
I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
Below the section of authentication in web config
[code]....
View 5 Replies
Apr 29, 2010
We have an application using Windows authentication and have <Domain>olduser account.
We renamed the account in the active directory to <Domain>olduser2
Login to a pc as <Domain>olduser2 and try to access our application.
the problem is we can't login anymore.
when i debug the application, i can see that the HttpContext.User.Identity.Name is still <Domain>olduser.. and not olduser2
View 3 Replies
