C# - Set HttpContext.Current.User From Thread.CurrentPrincipal?
May 17, 2010
I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.
After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:
I have just recently run into an issue running an asp.net web app under visual studio 2008. I get the error 'type is not resolved for member...customUserPrincipal'. Tracking down various discussion groups it seems that there is an issue with Visual Studio's web server when you assign a custom principal against the Thread.CurrentPrincipal.
I'm glad that I got the error out of the way, but it begs the question "What is the difference between these two methods of setting a principal?". There are other stackoverflow questions related to the differences but they don't get into the details of the two approaches.
I did find one tantalizing post that had the following grandiose comment but no explanation to back up his assertions...
I have a static class with serveral static methods. In these methods, I'm trying to access the current thread's context using HttpContext.Current. For example:
var userName = HttpContext.Current.User.Identity.Name;
However, when I do that, I receive a NullReferenceException, the infamous "Object reference not set to an instance of an object."
Bit of a long shot, but is there a way in ASP.NET to dynamically get the website's URL [URL] when there is no HttpContext.Current available.
There is no HttpContext because the code is running in a background thread* (but under the ASP.NET AppDomain). I have a background process that sends emails out every evening, and needs to include the Web address, but I don't want to hard code it because of deployments and testing (it changes from [URL] to[URL] and then to [URL] for the live site).
We have a web site which implements a central HttpSessionState management in App_Code like this:
[code]...
All of this worked fine ultil we needed to implement a time consuming process in a new thread... In the second thread HttpContext.Current.Session is null (we know its because the current context its different between threads) so everything fails :
Investigating we found that you could pass the session from one thread to another like this:
I'm seeing requests on my server that appear to be made by an anynomous client, although I'm certain they were made by an authenticated user - I have fiddler logs showing that the client sent valid asp.net auth cookies, and server logs indicating that the cookie arrived and is valid. The problem has been observed across all browsers.
The flow of data is:
User visits login url, on a machine that's part of a webfarm (all with the same machine, decrypt keys)On successful forms authentication, user is redirect to a restricted url, their homepage Homepage renders correctly, knowns the identify of the user, and includes javascript to perform 7 asynchronous post-backs to get additional data Javascript kicks off 7 http.get requests, hitting different machines in the webfarm (assume round robin)Server validates request: ~0.01% fail to authenticate.
Now into details:
A very small number of the asynchronous requests land at my server (with evidence they were not manipulated or faked) and appear to be anonymous. Of the 7 requests made, some number may or may not work (ie, 5/7 will succeed, 2 will fail). There doesn't appear to be any patterns in success / failures. In the cases where my requests appear to be anonymous, the CurrentPrincipal.Identity records:
Dumping the http.context.request.params collection to a log file, I'm able to see the following relevent (and scrubbed) properties (complete params below):
I want to authenticate Thread.CurrentPrincipal.Identity when it has entry in active directory or redirect user to login page to check the database for valid user.
am writing a web service in vb.net/asp.net 2, that needs user's name. It works fine when the url request is "www.mysite.com" but if any one has logged-in using "mysite.com" without a "www" and goes to the page that calls my web service, The HttpContext.Current.User.Identity.Name gives null. How can I resolve this problem?
I am trying to configure one http module(a vb module) on MOSS site. In this module I have entry like below:
Dim roles As String() = Nothing Dim webIdentity As New GenericIdentity(OracleUser, "Form") Dim principal As New GenericPrincipal(webIdentity, roles) HttpContext.Current.User = principal System.Web.Security.FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name.ToString, False) Due to this I am getting 500 internal server and exception on browser is: Exception of type 'System.ArgumentException' was thrown. Parameter name: encodedValue
If I comment "HttpContext.Current.User" related two lines then it redirect to form login.
I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
I was/am struggling with security for my first MVC applicaiton. It worked out great for me, but not for my users. I wanted to use Windows Authentication (and I seem to have that working). But when I was still trying to implement it, I was on one of our users computers where they were logged in. I navigated to the main Index page and used the supplied MVC login link and *MY* credentials. So now every time that user navigates to that page, it logs her in as me. We are using IE8, I have deleted all the cookies, passwords, forms information I can fine through Tools|Internet Options|Tool|Content|AutoComplete.
We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?
I was reading Walkthrough: Creating an Asynchronous HTTP Handler and noticed they pass the HttpContext from the handler thread and use it in a WaitCallback which runs on a background thread. It makes calls like _context.Response.Write(). Am I correct in assuming that this doesn't violate the fact that HttpContext is not thread safe because the handler thread will not be using it after the async work has started?
Also, Using an HTTPContext across threads has some good information about HttpContext and threads. Is all of HttpContext not thread safe, or just items like Response? Can multiple background threads access the Items property, if only in read mode?
i'm using an example in which i can fake the session.It's for use in a unittest of a mvc controller.In the test i create a controller and then i do this:
FakeHttpContext httpctx = new FakeHttpContext(null,null,null,null,mSessionItems ); ControllerContext ctx2 = new ControllerContext(httpctx,new RouteData(), target);
here mSessionItems is my session and target is my instance of a controller,and indeed, when i'm in a controller reading this.ControllerContext.HttpContext.Session, i have a session, great!but.... i also read the session outside the controller, and there i use HttpContext.Current.Session, and that is null (or actualy, the HttpContext.Current is null).
As per title. I want to be able to save some data in a cache object but this object must be available to all users/sessions and can expire.What is the best method to achieve this in a asp.net web app?
I have some code that works fine when I need to delete some image files from a directory on my web server:
Dim ImageURL As String = dsImages.Tables(0).Rows(iImgRow).Item("ImageURL") Dim physicalName = Server.MapPath(ImageURL) oUpload.DeleteFileFromServer(physicalName, iAdid, iImgID)
.but I am running into a problem when a maintenance task running in a separate thread at set intervals determines that files like the above need to be deleted:
Dim ImageURL As String = dsImage.Tables(0).Rows(i - 1).Item("ImageURL") Dim iImgID As Integer = dsImage.Tables(0).Rows(i - 1).Item("ImageId") Dim physicalName As String = HttpContext.Current.Server.MapPath(ImageURL) oUpload.DeleteFileFromServer(physicalName, iAdID, iImgID)
In this latter case, HttpContext.Current.Server.MapPath(ImageURL) has a value of Nothing.Is there a way to get the full path for this case?
During Application_End() in Global.aspx, HttpContext.Current is null. I still want to be able to access cache - it's in memory, so want to see if I can reference it somehow to save bits to disk.
Question - is there a way to reference cache in memory somehow when HttpContext.Current is null?
Perhaps I could create a global static variable that would store pointer to cache that I could update on HTTP requests (pseudo: "static <pointer X>" = HttpRequest.Current) and retrieve a reference to cache through that pointer in Application_End()?
Is there a better way to access Cache in memory when there is no Http Request is made?
