Security :: Get Logged In Online User List By Global.asax?
Jan 3, 2010i want to display current loged in username by global.asax
View 6 Repliesi want to display current loged in username by global.asax
View 6 RepliesI have a custom provider for authenticaiton that is HTTP Module-based. IIS authentication and web.config authentication is configure to 'None' and allow anonymous. When I probe for User.Identity.Name in Session_Start, it is empty. However User.Identity.Name works elswhere in the application as expected (returns the current user id). Is it possibly during Session_Start no authentication request has been issued, therefore there is no principal at this moment?
View 1 RepliesIn the website we have several folders, some folders are accessible by anonymous users, others are accessible by members only, some by administrators or a both administrators and members can view this folder. Each folder contains some forms; these forms are based on the role as well. We'd like to add "user.identity" as to authenticate the user based on the user_id from table websit_ users.
However we are not sure , wither we need to specify each and every form, folder or this will be done automatically once authentication is applied. And where do we put the user.identity and what is the exact format of it. Do we include it in our Global.asax after the authentication part?! This is the code in global.asax:
[Code]....
I have (pretty much) the following code in my protected void Application_Error(object sender, EventArgs e) method in Global.asax....
Exception ex = Server.GetLastError();
if (ex is
System.Security.SecurityException)
Response.Redirect("Logon.aspx");
else
Response.Redirect("ErrorPage.aspx");
If I navigate to a page before I log on the exception is caught and I am redirected to Login.aspx as I would expect. However, this is only working when debugging using VS on my local machine.When uploaded to the live environment, the exception is not caught and the user is presented with "Security Exception - Request for principal permission failed."
In my web application.... I want chat with all the user are online. How to get the user and how to chat with each other .... I want to integrate chatting option in my website.
View 1 RepliesWhat should be done if I want to redirect a user based on their ISO Codes?
And how should I detect a website user's IS Code in the first place? Like I know there are these server variables that we use to detect Client IP and all (HTTP_FORWARDED_FOR, REMOTE_ADDRESS, etc) but information about them on the many sites that I have read has got me confused about what to use. Like some say there can be comma separated IPs returned by HTTP_FORWARDED_X and out of those IPs , one is not sure which is the real IP and which are the proxy addresses. Also, that all the IP addresses in returned can be fake.
How to I fetch the REAL IP Address of a person? Like I only want to know what country a particular person is sitting so I can redirect the user accordingly. Secondly lets say a person is sitting in US then I want the user to be redirected to [URL] If a person is visiting my site from Germany, [URL] is the address that I want the person to be redirected to.Also if DE is the ISO Code then I want my GermanMaster.master page to load and if its US then I want that the USMaster.master should load.
So how do I fetch a user's not fake IP address, redirect a user based on that ISO code and then load a master page according to the ISO Code.
How do I go about it? I haven't ever worked with Global.asax before so clueless how to go about it all.
Here's my environment,Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727
IIS website uses MOSS 2007 "Team Site" template and has only IWA enabled. Web.config has Windows auth w/ Impersonation:
<authentication mode="Windows" />
<identity impersonate="true" />[code]...
I'm using the KerbS4U extension to create a new WindowsIdentity which is then used to create a WindowsPrincipal for the new/overriding user:[Code]....
These succeed and I set the new principal to HttpContext.Current.User & Thread.CurrentPrincipal without errors. I've defined both Application_AuthenticateRequest() and Application_PostAuthenticateRequest() functions in global.asax. These show the "new" Identity
in the HttpContext.Current.User & Thread.CurrentPrincipal, but the "Welcome <DOMAINusername>" in the upper-right menu of the default.aspx homepage itself still shows the name from the initial IWA!
I was able to get the "Welcome <name>" to reflect the new user only when using GenericIdentity and GenericPrincipal, but this is a problem as I need to use impersonation to backend services (which can be done using constrained delegation using KerbS4U).
I have below code to display "list of all the online users" inside listBox using Membership function.
Code:
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
MembershipUserCollection allUser = Membership.GetAllUsers(); // to get all the users
List<MembershipUser> onlineUsers = new List<MembershipUser>(); //creating list of online users
foreach (MembershipUser user in allUser)
[Code] ....
I want to remove that user from the list of online users, who himself has logged in. Example: if I had logged-in with UserName: Admin, then this Admin should not show to me in the list of "online users"
Tried below Code but not working:
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
MembershipUserCollection allUser = Membership.GetAllUsers(); // to get all the users
List<MembershipUser> onlineUsers = new List<MembershipUser>(); //creating list of online users
MembershipUser m_user = Membership.GetUser(); //to get self logged-in user
[Code] ....
When I am debugging an application in ASP.NET, after about ~5 minutes I get a NullRefEx coming from global.asax.cs regarding:
protected void Session_Start(Object sender, EventArgs e)
{
WindowsIdentity identity = null;
identity = (WindowsIdentity)(Context.User.Identity);
...
Context is Null at this point. I am a noob in ASP.NET with regards to Global.asax.cs. This code was written by another developer. EDIT: This is the code with HttpContext...
protected void Session_Start(Object sender, EventArgs e)
{
WindowsIdentity identity = null;
identity = (WindowsIdentity)(HttpContext.Current.User.Identity);
My ASP.NET intranet web application uses Windows Authentication, and I would like to record the following details:
1) Windows ID
2) Session Start Time
3) Session Stop Time
4) URL being browsed to (optional)
I've got some basic code setup in "Session_Start" method of the Global.ASAX to log session start times (seen below), but that's it so far. I have the feeling this is a primitive approach and there are "better" ways of doing this. So I really have two questions:
1) Is this the right way to go about doing this? If not what are some other options?
2) If this is the right way, do I just need to drop some code in the "Session_End" method to record the time they exit, and thats a complete solution? Does this method always get called when they close the browser tab they have the site open in, or do they have to close the entire browser (I don't have logout functionality)? Any way users can skip over this session end method (or start for that case)?
Dim connsql As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("MyConnectionstring").ConnectionString)
Dim cmdsql As System.Data.SqlClient.SqlCommand = connsql.CreateCommand
cmdsql.CommandText = "BeginUserSession"
cmdsql.CommandType = Data.CommandType.StoredProcedure
Try
cmdsql.Parameters.Add("@windowsid", System.Data.SqlDbType.VarChar, 30, "windowsid")
cmdsql.Parameters("@windowsid").Value = Session("UserInfo").identity.name
If connsql.State <> System.Data.ConnectionState.Open Then connsql.Open()
cmdsql.ExecuteNonQuery()
connsql.Close()
Catch ex As Exception
Finally
If connsql.State <> Data.ConnectionState.Closed Then connsql.Close()
End Try
'Stored Proc records start time
I know there is a couple answered questions on here regarding "request scoped" globals, but I want to nit-pick on something specifically and maybe squeeze some extra enlightenment out of one or two of you.I have an ASP.NET C# Website and a static Dictionary of objects (loaded from DB once on Application start). Each page request will need to do a lookup in the Dictionary (based on a key derived from the request url/etc) and get the appropriate object.The issue is I'm trying to maximize efficiency by reducing the lookups to the Dictionary per Request. Doing just a single lookup within a Page itself is easy enough and I can pass the object to sub controls, etc too.. but global.asax is separate from the Page and it also needs to use the object (in Application_BeginRequest and Session_Start).
So is doing a Dictionary lookup once in Application_BeginRequest, once (when necessary) in Session_Start and once in the Page negligible speed wise, even if there are many requests coming in every second?I would like it if I could just have a Request scoped global variable that I can easily call upon.. the only one I see available though is HttpContext.Current.Items and that is a Dictionary itself.Am I beingridiculously nit-picky with my concern over efficiency? or will these milliseconds (nanoseconds?) get me in the long run when more and more requests are being made?
PS. I currently only have around 100 objects in the Dictionary although this may increase in the future.
i am using membership classes,,, i want to fetch the list of users who are online based on a condition... the condition is that i want to fetch the users with a specified userids... eg i have 10 user's userids and i want to check which of these users are online..
View 6 RepliesI need to know to get current online user list. How can I achieve. I am using membership concepts that is asp login control.
View 1 RepliesWe are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
in order to prepopulate some user information, i used query to search the sharepoint list. my question is how to search loggin user's info in the list. i used following testing query function. it works fine. however, it can only search specific text, cannot be changed according different user.
[Code]....
Our users are only only allowed to log into our site from one location at a time. If they attempt to login from a second location, how do I log them out of the first location?
View 1 RepliesI am using form authentication in my website. I have a scenario wherein the user is authenticated but the session has timed out. So, i would like to initialize some session variables in Session_Start of Global.asax (First i check if Request.IsAuthenticated=True). For that i required the name of the user who authenticated. On .aspx pages we can get it using Page.User.Identity.Name but how to get it in global.asax page.
View 1 RepliesI have been creating a website using the SQLMembershipProvider. I have been using an administration account to create the back-end system for generating the users fine for about 2 weeks. I now have more users created and I can log in fine. However, when I log in as the newly created users, they can get to the page they are after, but if they refresh the page or redirect to another page, they get redirected to the login page. I have checked permissions, iis recycler, session state and security setting in my web.config (posted below) but nothing has fixed it. It cannot be IIS because it does it on my development machine as well as on the actual webserver and it works fine for the admin user.
Ttype="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
[code]...
I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 3 RepliesI've successfully made a custom membership provider that connects, queries, and updates my custom Oracle database. I found a good sample on MSDN. I also found documentatio on the provider itself. However, I cannot find anywhere example calls you have to make for the different actions within the web pages themselves. Where can I find that?
For example
How do I check if a user is already logged in? What do I do when a user hits the login button? How does each page get the user that is logged in? etc.I am not using the asp login control. I have custom form, custom data, and custom graphics.
All I'm trying to do is pull the current user's login name from Active Directory. I've tried User.Identity.Name.ToString, which returned nothing at all. I tried Environment.UserName.ToString, Which returned "NETWORK SERVICE" which is not the firstname.lastname username that I was expecting.
View 3 RepliesI have one application for collection centres in the city in which ADMIN will have access to all pages in it.In which I have added functionality for admin to see Online users/offline users collection and there collection center name.How can i see the users online automatically when they will be logged in on application.Like we all see in google talk, yahoo messanger, etc like that onlyI also want to keep the option like whether to view only online user or offline users etc.I have tried the following code for getting the Ip address for the computer..But I am unable find how user should be shown as active
ip=Request.ServerVariables("HTTP_X_FORWARDED_FOR") ;
if (!string.IsNullOrEmpty(ip))
{
[code]...
If a user who is logged in wants to delete his own account, why does login status still show him loggedIn even when user has been actually deleted.What I want is when user deletes his account he should get logged out also at the same time ....How do i log him out ?
[Code]....
Line 25: Call deleteSelectedUser()Line 26: Line 27: If User.Identity.Name = LstBoxUserList.SelectedItem.Text ThenLine 28: FormsAuthentication.SignOut()Line 29: Call deleteSelectedUser()
I'm using the defualt membership provider, i created a table and used the gridview on the logged in user page to show his information such as address e-mail phone zip code etc,, how can i do this without writing a code?
View 6 Replies