C# - Thread.CurrentPrincipal Claims Incorrectly To Be Anonymous?
Aug 30, 2010
I'm seeing requests on my server that appear to be made by an anynomous client, although I'm certain they were made by an authenticated user - I have fiddler logs showing that the client sent valid asp.net auth cookies, and server logs indicating that the cookie arrived and is valid. The problem has been observed across all browsers.
The flow of data is:
User visits login url, on a machine that's part of a webfarm (all with the same machine, decrypt keys)On successful forms authentication, user is redirect to a restricted url, their homepage Homepage renders correctly, knowns the identify of the user, and includes javascript to perform 7 asynchronous post-backs to get additional data Javascript kicks off 7 http.get requests, hitting different machines in the webfarm (assume round robin)Server validates request: ~0.01% fail to authenticate.
Now into details:
A very small number of the asynchronous requests land at my server (with evidence they were not manipulated or faked) and appear to be anonymous. Of the 7 requests made, some number may or may not work (ie, 5/7 will succeed, 2 will fail). There doesn't appear to be any patterns in success / failures. In the cases where my requests appear to be anonymous, the CurrentPrincipal.Identity records:
Thread.CurrentPrincipal.Identity.IsAuthenticated; // false
Thread.CurrentPrincipal.Identity.Name; // null (or empty, unsure off hand)
Dumping the http.context.request.params collection to a log file, I'm able to see the following relevent (and scrubbed) properties (complete params below):
[code]...
View 4 Replies
Similar Messages:
May 17, 2010
I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.
After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:
Login.aspx
[code]....
View 5 Replies
Jun 16, 2010
I have just recently run into an issue running an asp.net web app under visual studio 2008. I get the error 'type is not resolved for member...customUserPrincipal'. Tracking down various discussion groups it seems that there is an issue with Visual Studio's web server when you assign a custom principal against the Thread.CurrentPrincipal.
In my code, I now use...
HttpContext.Current.User = myCustomPrincipal
//Thread.CurrentPrincipal = myCustomPrincipal
I'm glad that I got the error out of the way, but it begs the question "What is the difference between these two methods of setting a principal?". There are other stackoverflow questions related to the differences but they don't get into the details of the two approaches.
I did find one tantalizing post that had the following grandiose comment but no explanation to back up his assertions...
[code]....
View 3 Replies
Aug 14, 2010
I want to authenticate Thread.CurrentPrincipal.Identity when it has entry in active directory or redirect user to login page to check the database for valid user.
View 1 Replies
Apr 2, 2010
I want to remove checked items from checklistbox (winform control) in class file method which i am calling asynchronously using deletegate. but it showing me this error message:-
Cross-thread operation not valid: Control 'checkedListBox1' accessed from a thread other than the thread it was created on.
i have tried invoke required but again got the same error. Sample code is below:
[code]....
View 1 Replies
Jan 18, 2010
I am currently implementing a client-side paging solution using ASP.NET, jQuery and JSON.
I have been following the excellent article from encosia: http://encosia.com/2008/08/20/easily-build-powerful-client-side-ajax-paging-using-jquery/
In my Web Method I retrieve my data from the database as a DataTable:
DataTable categoryProducts = ProductViewerAccess.GetCategoryProducts
("AA", 4, 0, Page.ToString(), out howManyPages, "FALSE", 0, "CostPrice", "asc", destinationList);
I then retrieve the data from the DataTable into an anonymous type:
var feeds =
from feed in categoryProducts.AsEnumerable()[code]....
This all works great.
However, I would like to extend the code to perform some evaluation checks (e.g., check that various columns in the DataTable are not NULL) and other pre-processing (e.g., call various functions to build the image URL based on the image ID - which is another column in the DataTable not shown in the code fragment) before I return the resulting rows of the DataTable as an anonymous type to the client-side.Basically, I want to iterate through the DataTable, perform the evaluation checks and pre-processing, while building my anonymous type manually as I go. Or maybe there is a better way to achieve this?
View 2 Replies
Jun 8, 2010
1) How/where do I set the lifetime of the session cookie in my web application when using an STS to get claims? From what I can tell, it seems I can only do this programmatically in the erviceConfigurationCreated event.
2) How/where can I make sure that the expiration is sliding?
View 1 Replies
Jan 27, 2010
How can we debbug a multi-thread program to see local variables of each thread using visual studio 2008.
View 1 Replies
Nov 24, 2010
I'm new to threading and have used it successfully, but limited. I can spawn a thread and have the main thread reference variables in the spawned thread, but I don't know how to allow the spawned thread to reference (and update) variables in the main thread.
Any example threading code I've seen on the web appears to be WAY more complicated than what I do, so I am unable to understand or integrate into my code.
Here is a quick example of how I use threading:
[code].....
View 3 Replies
Dec 20, 2010
I have a web application hosted in IIS 7.5 and expose its functionality using web services. The web application has state the the first thing I do is to call a web service method to start it all up. As a consequence several threads are created and these threads run until the system is stopped. All recycling of application pools and such is disabled! To access the web services the calling client must authenticate (using basic auth and local windows users). Thus, an incoming request has the CurrentPrincipal set. The logging subsystem is setup to tag all log messages with the current principals identity name and this works just fine for code that runs on an the thread of on incoming request. But, it doesn't work at all for all of my background threads. The current principal is still set in these threads but the identity objects name has been disposed. Why is this? What can I do to fix this. I would really like to get all log messages tagged with the current principal. It also seems impossible to detect if the identity name instance has been disposed without trying to access it and catch the exception which is highly annoying.
View 2 Replies
Mar 24, 2010
I am reading the Asp.net security documentation on msdn.I come across these tow terms and get really confused.
# WindowsIdentity = WindowsIdentity.GetCurrent()
which returns the identity of the security context of the currently executing Win32 thread.
# Thread = Thread.CurrentPrincipal
which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.
View 1 Replies
Jun 25, 2010
I have a password page and when someone enters an incorrect password I want to simply foil a brute force attack by having
bool isGoodPassword = (password == expected_password);
lock (this)
{
if (!isGoodPassword)
Thread.Sleep(2000);
}
I would expect that this would allow all correct passwords without stalling, but if one user enters a bad password another successful password from a different user would also be blocked. However, the lock doesn't seem to lock across ASP.NET threads.
View 4 Replies
Aug 27, 2010
I want a example of multithreading .i want to use it in a web form not on console.i am using C#.net .and how to use thread.sleep method for a particular thread.
View 5 Replies
Aug 30, 2010
I am developing a CompositeDataBoundControl that is basically a 'table' inside a 'div', in order to limit the size of the Control and use the scrolling capabilities of the 'div' tag ('RenderBeginTag("div").
So essentially the control is;
<div style="overflow:auto;width:400px;height:300px;">
<table style="table-layout:fixed;">
[code]...
View 3 Replies
Feb 26, 2011
I have a registration form which is working perfectly well, I need to enhance it slightly from where it is. As it is users are able to register for an account wether the email has been previously used/allocated in the user db.A client side call to the IsEmailAvailable function works great, just not working correctly server side. Here is the code.
My function:
[Code]....
And my if statement:
[Code]....
So my question is, how can I pass the end value of the IsEmailAvailable function to my if statement correctly.
View 4 Replies
Mar 21, 2011
I'm using the following code to display an arabic date:
Dim dtFormat As DateTimeFormatInfo = New CultureInfo("ar-sa", False).DateTimeFormat
dtFormat.Calendar = New HijriCalendar()
Dim hijriDate As String = Now.ToString("d MMMM yyyy", dtFormat)
Today this is displaying as 16 ربيع الثاني 1432. However, according to a user, the arabic text should be in the middle with the year 1432 at the end.
However, when you highlight the text, it highlights back to front.
View 1 Replies
Nov 28, 2010
My project is an asp.net-mvc 2 project using the default webforms view engine.The master page contains the following in the head tag:
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
This is valid Html 4.01 and shouldn't contain a trailing self-closing tag (it's not xhtml).When I run this page however, it gets rendered as follows:
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
View 1 Replies
Jan 27, 2010
I have a popup with a form on it displaying account details for clients. Each client has at least 1 account but may have up to 999. The popup and form is displayed properly, but when i click on any of the < > << >> pager options, the popup closes instead of moving to the next record in the form.
[Code]....
View 4 Replies
Feb 22, 2015
I have created a Default.aspx page using HTML5 tags such as header, nav, section, footer.
1. The content renders fine on my dev machine (running IE11).
2. However, it doesn't render on my network (live client) PC running IE11. But, it is fine rendering in Chrome!!!!
Here is an example:
Code:
<body>
<form id="frmDefault" runat="server">
<header>
<h1>Resource Portal</h1>
</header>
<nav>
<ajaxToolkit:ToolkitScriptManager ID="ToolkitScriptManager" runat="server" />
[Code] ....
View 13 Replies
May 24, 2010
I am struggling to find out the problem with something. Basically on this page:http://kidsunlimited.co.uk/nursery.aspx?ID=12&Month=April%202010#fragment-11 If you look at the nursery diary tab, will see an article, the first article is named "Test article for archives 1". Now the date should be 01 April 2010, but instead its showing as 04 Jan 2010I don't understand why. I have been looking at my insert statement and when i insert in the admin section i have a AJax date extender. And it populates the text box like so '01/04/2010'But then when i check in my database i notice it has been added as '04/01/2010'.
[code]...
View 3 Replies
Jul 1, 2010
I am binding a datalist to some table 0 of a dataset from the database. When I check the number of rows in the dataset table 0 it's coming as 129 but when I check the count of the datalist items(using Datalist_Name.Items.Count) inside the datalist item created event I am getting a maximum count of 128.Due, to this I am unable to assign values to the last label control(last as in the last row) present inside the datalist dynamically. I am not sure where I am going wrong. I even tried to replicate the same code inside the ItemDataBound event but even then I am getting the same error.
View 5 Replies
Mar 9, 2010
I currently have an Instance of the ASP.net ajax control toolkit combo box residing in a field set with a style of position:releative applied. The control also sits in a very plain table.
There are two problems with the display of the list:
The list does not sit flush with the text box. In I.E. 7 (which is the majority of my target audience, intranet where IE7 is the company standard) the list display about 10px below the fieldset, which is what the bottom margin of the fieldset is set to. In FF 2.0 the list sits sinificantly lower and off-set to the right.
Below the filed set there is more content in a div, also with a style of position:relative applied. The list from the combo box displays behind the content of this div, which is obviously an issue.
Removing position: releative from the fieldset resolves the display issue of the combo box, but results in other unwanted display side effects.
View 1 Replies
Jul 31, 2010
Environment.WorkingSet incorrectly reports the memory usage for a web site that runs on Windows 2003 Server.(OS Vers: Microsoft Windows NT 5.2.3790 Service Pack 2, .NET Vers: 2.0.50727.3607)
It reports memory as Working Set(Physical Mem.): 1952 MB (2047468061).
Same web site runs locally on Windows Vista with a Working Set(Physical Mem.): 49 MB (51924992).
I have limited access to the server and support is so limited.
so i have computed the total memory by traversing with VirtualQuery.
Total of pages with state: MEM_FREE is 1300 MB.
(I guess server have 4 GBs of RAM and PAE is not enabled, max user mode virtual address is 0x7fff0000.)
So, i know working set is not only about virtual memory. But, is it normal to have such a high working set while its very low on another machine?
View 2 Replies
Apr 26, 2010
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
View 1 Replies
Feb 8, 2010
When any of my page is idle for about 20 minute, and after that if I hit any button, like Sumit Button or any other button, at this time, Page.IsPostback is again False, and none of the click event is fired and page gets reloaded again.
This happens only if I go like this, open up any of my webpage, keep it idle OR do nothing for about 20 minute, exactly on 21st or 22nd minute, Click on any of the button on the page, and the page gets reloaded, click event does not get fired. I debugged for this and I checked the Page.IsPostback value at this point and I got it as False after 20 minute, I don't know why. It should be True. And because of this my page gets reloaded and nothing gets submitted and every control is in the blank position once again and user have to enter everything again.
But if I enter everything and hit any of the button or Submit button within 20 minute, then everything works fine, Submit button's click event is also gets fired and everything works perfect.
And this is happening in all of my page. I am not sure what configuration is wrong.
But just for more details, I have a master page, I am using Telerik Controls and I have session Timeout set as 60 minute everywhere, in web.config and in IIS settings and in my App_Pool also. On my Master Page, I have ASP:ScriptManager, Tekerik:RadMenu, ASP:ContentPlaceHolder controls and some other controls and javascript code too.
[code]....
View 9 Replies
