Security :: Httpcontext.current.user.identity.isauthenticated Always False?

Sep 7, 2010

I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated

if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.

Below the section of authentication in web config

[code]....

View 5 Replies


Similar Messages:

Security :: HttpContext.Current.User.Identity.IsAuthenticated / Module Isn't Working

Jan 18, 2010

We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?

View 1 Replies

Security :: IIS7 Recycle Results In Context.User.Identity.IsAuthenticated = False?

Nov 22, 2010

I need an app pool recycle to be completely transparent to the users of my web app. I use ASP.NET 3.5 MVC 1.

Currently, upon an IIS 7 App Pool recycle all users logged into my web app are kicked out and are required to log back in (Context.User.Identity.IsAuthenticated is set to false). I employ SQL State Server, I use forms authentication and both are configured to use cookies. I was under the impression that .NET and/or IIS handles authentication of cookies.

However, every time the app pool is recycled Context.User.Identity.IsAuthenticated is set to false my users are kicked out and are required to log back in. I can see that the session id remains the same throughout logins, I can also view this session information in the database/state server.

Logon method:

[Code]....

Custom Controller Attribute:

[Code]....

WebConfig:

[Code]....

View 1 Replies

HttpContext.Current.User.Identity.Name With And Without Www?

Oct 20, 2010

am writing a web service in vb.net/asp.net 2, that needs user's name. It works fine when the url request is "www.mysite.com" but if any one has logged-in using "mysite.com" without a "www" and goes to the page that calls my web service, The HttpContext.Current.User.Identity.Name gives null. How can I resolve this problem?

View 2 Replies

C# - Storing Extended Identity In HttpContext.Current.User?

May 14, 2010

I have created an ExtendedId class which extends GenericIdentity. (This stores Id as well as name)

In a httpmodule I stored this extended id in Current.User like so:

HttpContext.Current.User = new GenericPrincipal(myExtendedId, roles);

Problem is, later, how do I get at my ExtendedId type again?

If I try this:

ExtendedId eId = (ExtendedId)HttpContext.Current.User.Identity;

View 2 Replies

HttpContext.Current.User.Identity / Is Possible To Create Another Property Like 'userid'

Jul 8, 2010

is possible to create another property like 'userid' as i can access like

HttpContext.Current.User.Identity.userid ? if yes , how? (actualy last year i did something like this but i have forgotten

View 1 Replies

Security :: User.Identity.IsAuthenticated Returns True But Session Has Expired

May 24, 2010

I have a page where, when the user has successfully logged in, I store some values in the session.

I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.

My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.

Why is this happening, and how can I fix it?

View 3 Replies

Security :: HttpContext.User.Identity.Name Not Reflecting Updated Username?

Apr 29, 2010

We have an application using Windows authentication and have <Domain>olduser account.

We renamed the account in the active directory to <Domain>olduser2

Login to a pc as <Domain>olduser2 and try to access our application.

the problem is we can't login anymore.

when i debug the application, i can see that the HttpContext.User.Identity.Name is still <Domain>olduser.. and not olduser2

View 3 Replies

Context.User.Identity.IsAuthenticated Always Authenticated?

Mar 3, 2011

I am trying to create a httphandler which will intercept a sample pdf file which we have in our website. The httphandler works fine from within my development machine and even my locally published website that if I just try to connect to the test url: [URL] I will get sent to the invalid access page. So pushing it to our IIS6 machine when I try to go to the URL it serves up the PDF document. context.User.Identity.IsAuthenticated is always showing as true. I'm using forms authentication. below is the code I am using as the handler.

public void ProcessRequest(HttpContext context)
{
if (context.User.Identity.IsAuthenticated)
{
string SampleURL = context.Request.AppRelativeCurrentExecutionFilePath;
context.Response.Buffer = true;
context.Response.Clear();
using (FileStream fs = new FileStream(HttpContext.Current.Server.MapPath(SampleURL),FileMode.Open))
{
int length = (int)fs.Length;
byte[] buffer;
using (BinaryReader br = new BinaryReader(fs))
{
buffer = br.ReadBytes(length);
}
context.Response.Clear();
context.Response.Buffer = true;
context.Response.ContentType = "application/pdf";
context.Response.BinaryWrite(buffer);
context.Response.End();
}
}
else
{
context.Response.Redirect(
"~/Error/invalid_access.aspx");
}}

in web.config I have the following for form authentication:

<authentication mode="Forms">
<forms name="Sample.Web" loginUrl="~/Security/" defaultUrl="~/default.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>

View 3 Replies

MVC :: Forms Authentication User.Identity.IsAuthenticated And Cookie?

Feb 9, 2010

I am using forms authentication and have an issue with a particular browser using the remember me feature. For various reasons I want to support the opera browser that works with the nintendo dsi. I can use forms authentication with that browser just fine but when I use the remember me (cookie) feature I can get through the login but then calls to User.Identity.IsAuthenticated return false. If I do not check remember me it works fine. Initially I thought the browser didn't support cookies but it does. At least I can go to m.gmail.com and check their version of remember me and it works. I can exit the browser and come back in and m.gmail.com remembers me. Also I don't have problems with remember me on any other browser I have tried.

Is anyone aware of some specific browser issue that doesn't work with asp.net forms authentication? I am using asp.net mvc but I doubt that matters.

View 3 Replies

Security :: Wrong User Being Recognized By HttpContext.Current.Request.LogonUserIdentity.Name?

Nov 30, 2010

I was/am struggling with security for my first MVC applicaiton. It worked out great for me, but not for my users. I wanted to use Windows Authentication (and I seem to have that working). But when I was still trying to implement it, I was on one of our users computers where they were logged in. I navigated to the main Index page and used the supplied MVC login link and *MY* credentials. So now every time that user navigates to that page, it logs her in as me. We are using IE8, I have deleted all the cookies, passwords, forms information I can fine through Tools|Internet Options|Tool|Content|AutoComplete.

View 6 Replies

Security :: Unable To Retrieve Current.User.Identity.Name In II7

Feb 26, 2010

I'm in the middle of moving a web application from IIS6 to IIS7. I've enabled "Windows Authentication" and added <deny users="?" /> to the authorization section of my web.config file. When the app was running on IIS6 my users where able to access the web app without logging in because their windows login was automatically recognized. This does not seem to be the case in II7. I can not get a value for "Current.User.Identity.Name" in my ASP.Net code.

View 1 Replies

Web Forms :: Sequence Order For Page.IsPostBack And User.Identity.IsAuthenticated?

Apr 22, 2010

What is the best sequence order for Page.IsPostBack and User.Identity.IsAuthenticated? From what I have search for, this comes up most common:

If Not Page.IsPostBack Then
If User.Identity.IsAuthenticated Then
~Some kind of code~
End If
End If

Is this considered "best practice" or can the two items - Page.IsPostBack and User.Identity.IsAuthenticated -be split into their own sections so the fuctions of these can be independent of each other?I am trying to troubleshoot a placeholder that disappears from a master page when a content page button is pressed to change the content pages active view (I have a multiview w/ 5 views inside of it).

View 2 Replies

Security :: Forms Authentication Cookie Not Changing Current User Identity

Jan 21, 2010

I am having a problem with security in a web application I am building using Visual Web Developer 2008. I am using Forms Authentication:

<authentication mode="Forms">
<forms name=".MYAUTH" timeout="20" enableCrossAppRedirects="true" />
</authentication>

And a SQL Server database with ASP.NET Membership and Roles. I am using the LoginView control with the AnonymousTemplate and LoggedInTemplate to manage the user's interaction with logging in and out. The problem I am having is that I am authenticating the user against the database:

If Membership.ValidateUser(_userName, _txtLoginPass.Text)
Then returns True and:
FormsAuthentication.SetAuthCookie(_userName, False)
sets the cookie correctly:
FormsAuthentication.Decrypt(FormsAuthentication.GetAuthCookie(_userName, False).Values(0))
{System.Web.Security.FormsAuthenticationTicket} CookiePath: "/"
Expiration: #1/21/2010 1:42:27 PM#
Expired: False
IsPersistent: False
IssueDate: #1/21/2010 1:22:27 PM#
Name: "jaymo "
UserData: ""
Version: 2
but when I check
HttpContext.Current.User.Identity.IsAuthenticated it always returns False.
If done this before and it worked fine. I cannot find any mistake I might have made or where something might have changed between ASP.NET 2.0 and 3.5.

View 2 Replies

AJAX :: HTTPCONTEXT.USER.IDENTITY.USER Return As String In WCF Returns No Value?

Mar 2, 2010

I have created a web services (WCF) and i have a webmethod that return a string that string is a HTTPCONTEXT.USER.IDENTITY.USER unfortunately it does not return any value.

View 9 Replies

Page.User.Identity.IsAuthenticated Returns Object Reference Not Set To Instance Of Object?

Dec 23, 2010

this works fine on my local site but as soon as i upload the site to my live server i get stem.NullReferenceException: Object reference not set to an instance of an object

on the first line of this:

if (!Page.User.Identity.IsAuthenticated)
{
pnlSignIn.Visible = true;
pnlSignOut.Visible = false;
}

View 1 Replies

If User.Identity.IsAuthenticated Then... Object Reference Not Set To An Instance Of An Object?

Jan 2, 2010

this problem is baffling me. I have a custom class that all my pages inherit from

Public Class Page : Inherits Page
Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
Display Admin Controls (Buttons) '

[code]...

View 2 Replies

Security :: Identity Impersonate - False And IIS In Windows Mode

Feb 21, 2011

I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has

<identity impersonate="false"/>

set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.

View 3 Replies

C# - Set HttpContext.Current.User From Thread.CurrentPrincipal?

May 17, 2010

I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.

After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:

Login.aspx

[code]....

View 5 Replies

Method Is Only Supported If The User Name Parameter Matches The User Name In The Current Windows Identity?

Jan 30, 2011

get the below error. My application was working fine until I probably modified something, but don't know what.

Server Error in '/' Application.

Method is only supported if the user name parameter matches the user name in the current Windows Identity.

Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Configuration.Provider.ProviderException: Method is only supported if the user name parameter matches the user name in the current Windows Identity.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[ProviderException: Method is only supported if the user name parameter matches the user name in the current Windows Identity.]
System.Web.Security.WindowsTokenRoleProvider.GetCurrentWindowsIdentityAndCheckName(String userName) +2195661
System.Web.Security.WindowsTokenRoleProvider.GetCurrentTokenAndCheckName(String userName) +36
System.Web.Security.WindowsTokenRoleProvider.GetRolesForUser(String username) +61
System.Web.Security.RolePrincipal.IsInRole(String role) +182....

View 1 Replies

System.ArgumentException While Setting HttpContext.Current.User

Sep 9, 2010

I am trying to configure one http module(a vb module) on MOSS site. In this module I have entry like below:

Dim roles As String() = Nothing
Dim webIdentity As New GenericIdentity(OracleUser, "Form")
Dim principal As New GenericPrincipal(webIdentity, roles)
HttpContext.Current.User = principal
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name.ToString, False)
Due to this I am getting 500 internal server and exception on browser is: Exception of type 'System.ArgumentException' was thrown.
Parameter name: encodedValue

If I comment "HttpContext.Current.User" related two lines then it redirect to form login.

View 1 Replies

Security :: HttpContext.Current.Request.LogonUserIdentity.Name Invalid After Rename?

Nov 30, 2010

I have IIS on S2k8 and a website with Windows Authentication only.

I can easily reproduce the following scenario, where HttpContext.Current.Request.LogonUserIdentity.Name has a bad value:

Login to website using FireFox, using an Active Directory account "user" (I could use IE to reproduce the same, but it's a few extra steps)Display <%=System.Web.HttpContext.Current.Request.LogonUserIdentity.Name%> on the pageIt shows "DOMAINuser", which is correctI go into Active Directory and rename the account to be "userX" instead of "user" (both SAMAccountName & UPN)Restart FireFoxLogin to website using "userX" accountThe page still shows "DOMAINuser", instead of the expected "DOMAINuserX"

It seems almost as if IIS has cached the old username and it's not showing me the new one, even though I explicitly enter it in the login prompt.

View 6 Replies

Saving The Login Name As Current User Identity?

Mar 1, 2011

So I'm making a asp.net login. I want the login name that people use to match an id in my SQL database. So that I can retrieve their information. But currently when I use the code below, from which I get the name of the computer I am currently on. However I would like the user Identity to be what they write in the username textbox at the login screen.

If HttpContext.Current.User.Identity.IsAuthenticated Then
Dim userName As String = HttpContext.Current.User.Identity.Name
Response.Write(userName)
End If

So I looked for it on net and I think it might have something to do with my web.config file. As I'm totally new to asp.net I wouldn't know. However here's a part of my Web.config file.

[Code]....

View 3 Replies

Windows Authentication Succeeds But IsAuthenticated == False?

Jun 29, 2010

Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with windows authentication:

<location path="auth/windows">
<system.webServer>
<security>

[code]...

When I request the page, a normal Windows auth (NTLM/Negotiate) challenge response happens, and ultimately the page is returned.I have an HttpModule in which I handle the PostAuthorize event. As expected, this event is only raised once the challenge-response authentication has succeeded and access to the page has been authorized.However, the Request.IsAuthenticated property is false; and HttpContext.Current.User.Identity reflects an unauthenticated user (.Name returns the empty string). Interestingly, Request.ServerVariables["LOGON_USER"] does return the value of the authenticated Windows user.I'd have thought that once the user was authenticated (and authorized, for that matter), the request would reflect being authenticated; and the User / Identity for the request would have been properly set.

View 1 Replies

Security :: Identity Impersonate + Integrated Security(DB) And Programatically Impersonating The User?

Nov 19, 2010

I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.

My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved