Security :: Wrong User Being Recognized By HttpContext.Current.Request.LogonUserIdentity.Name?

Nov 30, 2010

I was/am struggling with security for my first MVC applicaiton. It worked out great for me, but not for my users. I wanted to use Windows Authentication (and I seem to have that working). But when I was still trying to implement it, I was on one of our users computers where they were logged in. I navigated to the main Index page and used the supplied MVC login link and *MY* credentials. So now every time that user navigates to that page, it logs her in as me. We are using IE8, I have deleted all the cookies, passwords, forms information I can fine through Tools|Internet Options|Tool|Content|AutoComplete.

View 6 Replies


Similar Messages:

Security :: HttpContext.Current.Request.LogonUserIdentity.Name Invalid After Rename?

Nov 30, 2010

I have IIS on S2k8 and a website with Windows Authentication only.

I can easily reproduce the following scenario, where HttpContext.Current.Request.LogonUserIdentity.Name has a bad value:

Login to website using FireFox, using an Active Directory account "user" (I could use IE to reproduce the same, but it's a few extra steps)Display <%=System.Web.HttpContext.Current.Request.LogonUserIdentity.Name%> on the pageIt shows "DOMAINuser", which is correctI go into Active Directory and rename the account to be "userX" instead of "user" (both SAMAccountName & UPN)Restart FireFoxLogin to website using "userX" accountThe page still shows "DOMAINuser", instead of the expected "DOMAINuserX"

It seems almost as if IIS has cached the old username and it's not showing me the new one, even though I explicitly enter it in the login prompt.

View 6 Replies

Security :: Httpcontext.current.user.identity.isauthenticated Always False?

Sep 7, 2010

I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated

if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.

Below the section of authentication in web config

[code]....

View 5 Replies

Security :: HttpContext.Current.User.Identity.IsAuthenticated / Module Isn't Working

Jan 18, 2010

We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?

View 1 Replies

C# - Differences Between Page.User.Identity Versus Request.LogonUserIdentity

Feb 2, 2010

What are the differences (behind the scenes) between Page.User.Identity and Request.LogonUserIdentity? Not the differences in type, name, etc but the differences in how they're implemented behind the scenes (i.e. one calls windows xxx api and the other calls asp.net xxx api...).

View 1 Replies

Where Is Origin Of HttpContext.Current.Request.Url.Host

Apr 28, 2010

Why does HttpContext.Current.Request.Url.Host return a different URL than the URL used in the Web browser? For example, when entering "www.someurl.com" in the browser, the HttpContext.Current.Request.Url.Host variable is equal to "www.someotherurl.com".

View 1 Replies

Get The Host Domain Name Without Using HttpContext.Current.Request?

Feb 1, 2010

I've got an ASP .Net application running on IIS7. I'm using the current url that the site is running under to set some static properties on a class in my application. To do this, I'm getting the domain name using this (insde the class's static constructor):

var host = HttpContext.Current.Request.Url.Host;

And it works fine on my dev machine (windows XP / Cassini). However, when I deploy to IIS7, I get an exception: "Request is not available in this context".

I'm guessing this is because I'm using this code in the static constructor of an object, which is getting executed in IIS before any requests come in; and Cassini doesn't trigger the static constructor until a request happens. Now, I didn't originally like the idea of pulling the domain name from the Request for this very reason, but it was the only place I found it =)

So, does anyone know of another place that I can get the host domain name? I'm assuming that ASP .Net has got to be aware of it at some level independent of HttpRequests, I just don't know how to access it.

View 3 Replies

Web Forms :: Get Server / Domain Name Without HttpContext.Current.Request.ServerVariables?

Jul 28, 2010

In an asynchronous process, I need to get the name of the domain/server the web application is running on. But in that situation HttpContext.Current is not available, so I cant use HttpContext.Current.Request.ServerVariables("SERVER_NAME").

View 7 Replies

HttpContext.Current.Request.UserHostName Is Empty When Called From A Class

Apr 15, 2010

I have various web pages that need to build up a URL to display or place it in an emitted email message. The code I inherited had this value for the name of the webserver in a Public Const in a Public Class called FixedConstants. For example:

Public Const cdServerName As String = "WEBSERVERNAME"

Trying to improve on this, I wrote this:

Public Class UIFunction
Public Shared myhttpcontext As HttpContext
Public Shared Function cdWebServer() As String
Dim s As New StringBuilder("http://")
Dim h As String
h = String.Empty
Try
h = Current.Request.ServerVariables("REMOTE_HOST").ToString()
Catch ex As Exception
Dim m As String
m = ex.Message.ToString() 'Ignore this should-not-occur thingy
End Try
If h = String.Empty Then
h = "SomeWebServer"
End If
s.Append(h)
s.Append("/")
Return s.ToString()
End Function

I've tried different things while debugging such as HttpContext.Current.Request.UserHostName and I always get an empty string which pumps out my default string "SomeWebServer". I know Request.UserHostName or Request.ServerVariables("REMOTE_HOST") works when invoked from a page but why does this return empty when invoked from a called method of a class file (i.e. UIFunction.vb)?

View 2 Replies

Asp.net - HttpContext.Current.Request.Url.AbsolutePath Return An Empty String?

Oct 6, 2010

When user requests http://localhost/WebApp1/Default.aspx, txtApplicationPath.Text should be assigned "/WebApp1", while txtAbsolutePath.Text should be assigned "http://localhost/WebApp1/Default.aspx", but instead both textboxes display empty strings.

[code]...

View 1 Replies

HttpContext.Current.User.Identity.Name With And Without Www?

Oct 20, 2010

am writing a web service in vb.net/asp.net 2, that needs user's name. It works fine when the url request is "www.mysite.com" but if any one has logged-in using "mysite.com" without a "www" and goes to the page that calls my web service, The HttpContext.Current.User.Identity.Name gives null. How can I resolve this problem?

View 2 Replies

C# - Set HttpContext.Current.User From Thread.CurrentPrincipal?

May 17, 2010

I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.

After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:

Login.aspx

[code]....

View 5 Replies

System.ArgumentException While Setting HttpContext.Current.User

Sep 9, 2010

I am trying to configure one http module(a vb module) on MOSS site. In this module I have entry like below:

Dim roles As String() = Nothing
Dim webIdentity As New GenericIdentity(OracleUser, "Form")
Dim principal As New GenericPrincipal(webIdentity, roles)
HttpContext.Current.User = principal
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name.ToString, False)
Due to this I am getting 500 internal server and exception on browser is: Exception of type 'System.ArgumentException' was thrown.
Parameter name: encodedValue

If I comment "HttpContext.Current.User" related two lines then it redirect to form login.

View 1 Replies

C# - Storing Extended Identity In HttpContext.Current.User?

May 14, 2010

I have created an ExtendedId class which extends GenericIdentity. (This stores Id as well as name)

In a httpmodule I stored this extended id in Current.User like so:

HttpContext.Current.User = new GenericPrincipal(myExtendedId, roles);

Problem is, later, how do I get at my ExtendedId type again?

If I try this:

ExtendedId eId = (ExtendedId)HttpContext.Current.User.Identity;

View 2 Replies

MVC :: HttpContext.Current.Request.Url.Host Not Correct When Using Host Headers In IIS 7.5

Feb 24, 2011

I have one IIS entry with AppPool integrated mode. There are 5 or more host headers assigned. The application pulls data based on the host name from Request.Url.Host. When I have 2 or more sites open at the same time the value of the Request.Url.Host is the same across all the sites. About every 30 seconds it resets itself to the correct value from the last request and shows that value on the other sites. So ultimately the sites are loading the same data. The value in the HOST server variable is incorrect as well.

View 1 Replies

HttpContext.Current.User.Identity / Is Possible To Create Another Property Like 'userid'

Jul 8, 2010

is possible to create another property like 'userid' as i can access like

HttpContext.Current.User.Identity.userid ? if yes , how? (actualy last year i did something like this but i have forgotten

View 1 Replies

Security :: HttpContext.Session A Potentially Dangerous Request.QueryString Value Was Detected?

Sep 29, 2010

I have an ashx handler that was working fine in VS2008 but when I upgraded to VS2010 (haven't gone back to VS2008 to double check though) and when I try to grab the value from HttpContext.Request.Params["update"] I get the following error:

+ ex {"A potentially dangerous Request.QueryString value was detected from the client (update="<SETIProducts><Produ...")."}
System.Exception {System.Web.HttpRequestValidationException}

View 3 Replies

C# - Workaround For HttpContext.HideRequestResponse Being Internal? Detect If HttpContext.Request Is Really Available?

Apr 9, 2010

We're migrating an application to use IIS7 integrated mode. In library code that is designed to work either within the context of an HTTP request or not, we commonly have code like this:

if (HttpContext.Current != null &&
HttpContext.Current.Request != null) {
// do something with HttpContext.Current.Request
} else {
// do equivalent thing without HttpContext..
}

But in IIS7 integrated mode the check for HttpContext.Current.Request throws an exception whenever this code is called from Application_Start.

protected void Application_Start(object sender, EventArgs e)
{
SomeLibrary.DoSomethingWithHttpContextCurrentDetection();
}

Results in:

System.Web.HttpException: Request is not available in this context

How can I detect whether the request is really available without wrapping these calls in an exception handler and taking action based on whether an exception is generated or not.

Looking at HttpContext in Reflector I see it has an internal bool HideRequestResponse field but it's internal so I can only get to it with reflection and that's fragile. Is there a more official/approved way to determine if it's ok to call HttpContext.Request?

This blog post about the subject says not to use HttpContext, but how, in generic library code, can you determine if it's ok to use HttpContext?

http://mvolo.com/blogs/serverside/archive/2007/11/10/Integrated-mode-Request-is-not-available-in-this-context-in-Application_5F00_Start.aspx

I'm using the work-around mentioned there which is to use Application_BeginRequest and an initialized field to only initialize once as part of BeginRequest, but that has to be done in every calling application whereas I'd prefer to make the library code more robust and handle this situation regardless of where it's called from.

View 4 Replies

Access The Current Thread's Context Using HttpContext.Current?

Mar 11, 2010

I have a static class with serveral static methods. In these methods, I'm trying to access the current thread's context using HttpContext.Current. For example:

var userName = HttpContext.Current.User.Identity.Name;

However, when I do that, I receive a NullReferenceException, the infamous "Object reference not set to an instance of an object."

View 3 Replies

Vb.net - Request.LogonUserIdentity.Name Returns Server Credential Not The Users Credential

Feb 15, 2011

I am building a simple intranet site and want to get the employees user name, but when i use Request.LogonUserIdentity.Name , i keep getting the servers credentials and not the users. what am i doing wrong and is there a better way to do this.

View 1 Replies

Security :: HttpContext.User.Identity.Name Not Reflecting Updated Username?

Apr 29, 2010

We have an application using Windows authentication and have <Domain>olduser account.

We renamed the account in the active directory to <Domain>olduser2

Login to a pc as <Domain>olduser2 and try to access our application.

the problem is we can't login anymore.

when i debug the application, i can see that the HttpContext.User.Identity.Name is still <Domain>olduser.. and not olduser2

View 3 Replies

Security :: How To Prevent Creation Of User When Email Is Wrong

Mar 4, 2010

i use the CreateUserWizard in order to create users. Asp.net generates automatically a password which is sent to the user by email.

The emailaddress must be like this: firstname.name@ourdomain.be . If 'firstname.name' doesn't exist in our Exchange server ('ourdomain.be'), then:

1) the user is still created
2) the message page with: 'Mailbox unavailable. The server response was: 5.1.1 User unknown' appears

E.g: if user John Wayne introduces by error Jhn.Wayne@ourdomain.be , then this user must not be created, and only a simple Alert-message must appear.

I tried a lot of Try / Catch / Endtry but all my attempts fail: the user is always created and the whole message page appears. I also tried with CreateUserWizard1_SendMailError sub.1

Here the aspx file:

[Code]....

View 3 Replies

Difference Between ControllerContext.HttpContext.Session And HttpContext.Current.Session

Nov 23, 2010

i'm using an example in which i can fake the session.It's for use in a unittest of a mvc controller.In the test i create a controller and then i do this:

FakeHttpContext httpctx = new FakeHttpContext(null,null,null,null,mSessionItems );
ControllerContext ctx2 = new ControllerContext(httpctx,new RouteData(), target);

here mSessionItems is my session and target is my instance of a controller,and indeed, when i'm in a controller reading this.ControllerContext.HttpContext.Session, i have a session, great!but.... i also read the session outside the controller, and there i use HttpContext.Current.Session, and that is null (or actualy, the HttpContext.Current is null).

View 1 Replies

Security :: How To Lock The User With The 3 Times Entering The Wrong Password

May 20, 2010

How to lock the user with the 3 times entering the wrong password?

View 10 Replies

Relationship Between HttpContext.Request.Cookies And HttpContext.Response.Cookies

Nov 23, 2010

I have been experimenting with code that will clear all of the cookies in an HttpContext.Response.Initially, I used this:

DateTime cookieExpires = DateTime.Now.AddDays(-1);
for (int i = 0; i < HttpContext.Request.Cookies.Count; i++)
{
HttpContext.Response.Cookies.Add(
new HttpCookie(HttpContext.Request.Cookies[i].Name, null) { Expires = cookieExpires });
}

this will error with an OutOfMemoryException because the for loop never exits - each time you add a cookie to the Response, it also gets added to the `Request.

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved