Security :: Httpcontext.current.user.identity.isauthenticated Always False?
Sep 7, 2010
I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
Below the section of authentication in web config
[code]....
View 5 Replies
Similar Messages:
Jan 18, 2010
We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?
View 1 Replies
Nov 22, 2010
I need an app pool recycle to be completely transparent to the users of my web app. I use ASP.NET 3.5 MVC 1.
Currently, upon an IIS 7 App Pool recycle all users logged into my web app are kicked out and are required to log back in (Context.User.Identity.IsAuthenticated is set to false). I employ SQL State Server, I use forms authentication and both are configured to use cookies. I was under the impression that .NET and/or IIS handles authentication of cookies.
However, every time the app pool is recycled Context.User.Identity.IsAuthenticated is set to false my users are kicked out and are required to log back in. I can see that the session id remains the same throughout logins, I can also view this session information in the database/state server.
Logon method:
[Code]....
Custom Controller Attribute:
[Code]....
WebConfig:
[Code]....
View 1 Replies
Oct 20, 2010
am writing a web service in vb.net/asp.net 2, that needs user's name. It works fine when the url request is "www.mysite.com" but if any one has logged-in using "mysite.com" without a "www" and goes to the page that calls my web service, The HttpContext.Current.User.Identity.Name gives null. How can I resolve this problem?
View 2 Replies
May 14, 2010
I have created an ExtendedId class which extends GenericIdentity. (This stores Id as well as name)
In a httpmodule I stored this extended id in Current.User like so:
HttpContext.Current.User = new GenericPrincipal(myExtendedId, roles);
Problem is, later, how do I get at my ExtendedId type again?
If I try this:
ExtendedId eId = (ExtendedId)HttpContext.Current.User.Identity;
View 2 Replies
Jul 8, 2010
is possible to create another property like 'userid' as i can access like
HttpContext.Current.User.Identity.userid ? if yes , how? (actualy last year i did something like this but i have forgotten
View 1 Replies
May 24, 2010
I have a page where, when the user has successfully logged in, I store some values in the session.
I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.
My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.
Why is this happening, and how can I fix it?
View 3 Replies
Apr 29, 2010
We have an application using Windows authentication and have <Domain>olduser account.
We renamed the account in the active directory to <Domain>olduser2
Login to a pc as <Domain>olduser2 and try to access our application.
the problem is we can't login anymore.
when i debug the application, i can see that the HttpContext.User.Identity.Name is still <Domain>olduser.. and not olduser2
View 3 Replies
Mar 3, 2011
I am trying to create a httphandler which will intercept a sample pdf file which we have in our website. The httphandler works fine from within my development machine and even my locally published website that if I just try to connect to the test url: [URL] I will get sent to the invalid access page. So pushing it to our IIS6 machine when I try to go to the URL it serves up the PDF document. context.User.Identity.IsAuthenticated is always showing as true. I'm using forms authentication. below is the code I am using as the handler.
public void ProcessRequest(HttpContext context)
{
if (context.User.Identity.IsAuthenticated)
{
string SampleURL = context.Request.AppRelativeCurrentExecutionFilePath;
context.Response.Buffer = true;
context.Response.Clear();
using (FileStream fs = new FileStream(HttpContext.Current.Server.MapPath(SampleURL),FileMode.Open))
{
int length = (int)fs.Length;
byte[] buffer;
using (BinaryReader br = new BinaryReader(fs))
{
buffer = br.ReadBytes(length);
}
context.Response.Clear();
context.Response.Buffer = true;
context.Response.ContentType = "application/pdf";
context.Response.BinaryWrite(buffer);
context.Response.End();
}
}
else
{
context.Response.Redirect(
"~/Error/invalid_access.aspx");
}}
in web.config I have the following for form authentication:
<authentication mode="Forms">
<forms name="Sample.Web" loginUrl="~/Security/" defaultUrl="~/default.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
View 3 Replies
Feb 9, 2010
I am using forms authentication and have an issue with a particular browser using the remember me feature. For various reasons I want to support the opera browser that works with the nintendo dsi. I can use forms authentication with that browser just fine but when I use the remember me (cookie) feature I can get through the login but then calls to User.Identity.IsAuthenticated return false. If I do not check remember me it works fine. Initially I thought the browser didn't support cookies but it does. At least I can go to m.gmail.com and check their version of remember me and it works. I can exit the browser and come back in and m.gmail.com remembers me. Also I don't have problems with remember me on any other browser I have tried.
Is anyone aware of some specific browser issue that doesn't work with asp.net forms authentication? I am using asp.net mvc but I doubt that matters.
View 3 Replies
Nov 30, 2010
I was/am struggling with security for my first MVC applicaiton. It worked out great for me, but not for my users. I wanted to use Windows Authentication (and I seem to have that working). But when I was still trying to implement it, I was on one of our users computers where they were logged in. I navigated to the main Index page and used the supplied MVC login link and *MY* credentials. So now every time that user navigates to that page, it logs her in as me. We are using IE8, I have deleted all the cookies, passwords, forms information I can fine through Tools|Internet Options|Tool|Content|AutoComplete.
View 6 Replies
Feb 26, 2010
I'm in the middle of moving a web application from IIS6 to IIS7. I've enabled "Windows Authentication" and added <deny users="?" /> to the authorization section of my web.config file. When the app was running on IIS6 my users where able to access the web app without logging in because their windows login was automatically recognized. This does not seem to be the case in II7. I can not get a value for "Current.User.Identity.Name" in my ASP.Net code.
View 1 Replies
Apr 22, 2010
What is the best sequence order for Page.IsPostBack and User.Identity.IsAuthenticated? From what I have search for, this comes up most common:
If Not Page.IsPostBack Then
If User.Identity.IsAuthenticated Then
~Some kind of code~
End If
End If
Is this considered "best practice" or can the two items - Page.IsPostBack and User.Identity.IsAuthenticated -be split into their own sections so the fuctions of these can be independent of each other?I am trying to troubleshoot a placeholder that disappears from a master page when a content page button is pressed to change the content pages active view (I have a multiview w/ 5 views inside of it).
View 2 Replies
Jan 21, 2010
I am having a problem with security in a web application I am building using Visual Web Developer 2008. I am using Forms Authentication:
<authentication mode="Forms">
<forms name=".MYAUTH" timeout="20" enableCrossAppRedirects="true" />
</authentication>
And a SQL Server database with ASP.NET Membership and Roles. I am using the LoginView control with the AnonymousTemplate and LoggedInTemplate to manage the user's interaction with logging in and out. The problem I am having is that I am authenticating the user against the database:
If Membership.ValidateUser(_userName, _txtLoginPass.Text)
Then returns True and:
FormsAuthentication.SetAuthCookie(_userName, False)
sets the cookie correctly:
FormsAuthentication.Decrypt(FormsAuthentication.GetAuthCookie(_userName, False).Values(0))
{System.Web.Security.FormsAuthenticationTicket} CookiePath: "/"
Expiration: #1/21/2010 1:42:27 PM#
Expired: False
IsPersistent: False
IssueDate: #1/21/2010 1:22:27 PM#
Name: "jaymo "
UserData: ""
Version: 2
but when I check
HttpContext.Current.User.Identity.IsAuthenticated it always returns False.
If done this before and it worked fine. I cannot find any mistake I might have made or where something might have changed between ASP.NET 2.0 and 3.5.
View 2 Replies
Mar 2, 2010
I have created a web services (WCF) and i have a webmethod that return a string that string is a HTTPCONTEXT.USER.IDENTITY.USER unfortunately it does not return any value.
View 9 Replies
Dec 23, 2010
this works fine on my local site but as soon as i upload the site to my live server i get stem.NullReferenceException: Object reference not set to an instance of an object
on the first line of this:
if (!Page.User.Identity.IsAuthenticated)
{
pnlSignIn.Visible = true;
pnlSignOut.Visible = false;
}
View 1 Replies
Jan 2, 2010
this problem is baffling me. I have a custom class that all my pages inherit from
Public Class Page : Inherits Page
Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
Display Admin Controls (Buttons) '
[code]...
View 2 Replies
Feb 21, 2011
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
View 3 Replies
May 17, 2010
I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.
After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:
Login.aspx
[code]....
View 5 Replies
Jan 30, 2011
get the below error. My application was working fine until I probably modified something, but don't know what.
Server Error in '/' Application.
Method is only supported if the user name parameter matches the user name in the current Windows Identity.
Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Configuration.Provider.ProviderException: Method is only supported if the user name parameter matches the user name in the current Windows Identity.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ProviderException: Method is only supported if the user name parameter matches the user name in the current Windows Identity.]
System.Web.Security.WindowsTokenRoleProvider.GetCurrentWindowsIdentityAndCheckName(String userName) +2195661
System.Web.Security.WindowsTokenRoleProvider.GetCurrentTokenAndCheckName(String userName) +36
System.Web.Security.WindowsTokenRoleProvider.GetRolesForUser(String username) +61
System.Web.Security.RolePrincipal.IsInRole(String role) +182....
View 1 Replies
Sep 9, 2010
I am trying to configure one http module(a vb module) on MOSS site. In this module I have entry like below:
Dim roles As String() = Nothing
Dim webIdentity As New GenericIdentity(OracleUser, "Form")
Dim principal As New GenericPrincipal(webIdentity, roles)
HttpContext.Current.User = principal
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name.ToString, False)
Due to this I am getting 500 internal server and exception on browser is: Exception of type 'System.ArgumentException' was thrown.
Parameter name: encodedValue
If I comment "HttpContext.Current.User" related two lines then it redirect to form login.
View 1 Replies
Nov 30, 2010
I have IIS on S2k8 and a website with Windows Authentication only.
I can easily reproduce the following scenario, where HttpContext.Current.Request.LogonUserIdentity.Name has a bad value:
Login to website using FireFox, using an Active Directory account "user" (I could use IE to reproduce the same, but it's a few extra steps)Display <%=System.Web.HttpContext.Current.Request.LogonUserIdentity.Name%> on the pageIt shows "DOMAINuser", which is correctI go into Active Directory and rename the account to be "userX" instead of "user" (both SAMAccountName & UPN)Restart FireFoxLogin to website using "userX" accountThe page still shows "DOMAINuser", instead of the expected "DOMAINuserX"
It seems almost as if IIS has cached the old username and it's not showing me the new one, even though I explicitly enter it in the login prompt.
View 6 Replies
Mar 1, 2011
So I'm making a asp.net login. I want the login name that people use to match an id in my SQL database. So that I can retrieve their information. But currently when I use the code below, from which I get the name of the computer I am currently on. However I would like the user Identity to be what they write in the username textbox at the login screen.
If HttpContext.Current.User.Identity.IsAuthenticated Then
Dim userName As String = HttpContext.Current.User.Identity.Name
Response.Write(userName)
End If
So I looked for it on net and I think it might have something to do with my web.config file. As I'm totally new to asp.net I wouldn't know. However here's a part of my Web.config file.
[Code]....
View 3 Replies
Jun 29, 2010
Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with windows authentication:
<location path="auth/windows">
<system.webServer>
<security>
[code]...
When I request the page, a normal Windows auth (NTLM/Negotiate) challenge response happens, and ultimately the page is returned.I have an HttpModule in which I handle the PostAuthorize event. As expected, this event is only raised once the challenge-response authentication has succeeded and access to the page has been authorized.However, the Request.IsAuthenticated property is false; and HttpContext.Current.User.Identity reflects an unauthenticated user (.Name returns the empty string). Interestingly, Request.ServerVariables["LOGON_USER"] does return the value of the authenticated Windows user.I'd have thought that once the user was authenticated (and authorized, for that matter), the request would reflect being authenticated; and the User / Identity for the request would have been properly set.
View 1 Replies
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
