C# - Difference Between Http.context.user And Thread.currentprincipal And When To Use Them
Jun 16, 2010
I have just recently run into an issue running an asp.net web app under visual studio 2008. I get the error 'type is not resolved for member...customUserPrincipal'. Tracking down various discussion groups it seems that there is an issue with Visual Studio's web server when you assign a custom principal against the Thread.CurrentPrincipal.
In my code, I now use...
HttpContext.Current.User = myCustomPrincipal
//Thread.CurrentPrincipal = myCustomPrincipal
I'm glad that I got the error out of the way, but it begs the question "What is the difference between these two methods of setting a principal?". There are other stackoverflow questions related to the differences but they don't get into the details of the two approaches.
I did find one tantalizing post that had the following grandiose comment but no explanation to back up his assertions...
[code]....
View 3 Replies
Similar Messages:
May 17, 2010
I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.
After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:
Login.aspx
[code]....
View 5 Replies
Aug 30, 2010
I'm seeing requests on my server that appear to be made by an anynomous client, although I'm certain they were made by an authenticated user - I have fiddler logs showing that the client sent valid asp.net auth cookies, and server logs indicating that the cookie arrived and is valid. The problem has been observed across all browsers.
The flow of data is:
User visits login url, on a machine that's part of a webfarm (all with the same machine, decrypt keys)On successful forms authentication, user is redirect to a restricted url, their homepage Homepage renders correctly, knowns the identify of the user, and includes javascript to perform 7 asynchronous post-backs to get additional data Javascript kicks off 7 http.get requests, hitting different machines in the webfarm (assume round robin)Server validates request: ~0.01% fail to authenticate.
Now into details:
A very small number of the asynchronous requests land at my server (with evidence they were not manipulated or faked) and appear to be anonymous. Of the 7 requests made, some number may or may not work (ie, 5/7 will succeed, 2 will fail). There doesn't appear to be any patterns in success / failures. In the cases where my requests appear to be anonymous, the CurrentPrincipal.Identity records:
Thread.CurrentPrincipal.Identity.IsAuthenticated; // false
Thread.CurrentPrincipal.Identity.Name; // null (or empty, unsure off hand)
Dumping the http.context.request.params collection to a log file, I'm able to see the following relevent (and scrubbed) properties (complete params below):
[code]...
View 4 Replies
Aug 14, 2010
I want to authenticate Thread.CurrentPrincipal.Identity when it has entry in active directory or redirect user to login page to check the database for valid user.
View 1 Replies
Mar 30, 2011
Probably these are two questions in one, I am using one EF context per request, but I want to use one per thread, because I am going to make some complex task in another thread during the request. So, is it safe? If the answer is yes, how to do it? how to store objects in thread and get them back?
View 2 Replies
Jul 16, 2010
I have a ASP.NET page with a WebMethod that creates an object and runs one of the object's methods in a new thread.I need to access the System.Web.HttpContext.Current.Response.ContentType property from within this thread. Each time I (try to) access it, I receive a NullReferenceException.
View 1 Replies
Feb 10, 2010
I was reading Walkthrough: Creating an Asynchronous HTTP Handler and noticed they pass the HttpContext from the handler thread and use it in a WaitCallback which runs on a background thread. It makes calls like _context.Response.Write(). Am I correct in assuming that this doesn't violate the fact that HttpContext is not thread safe because the handler thread will not be using it after the async work has started?
Also, Using an HTTPContext across threads has some good information about HttpContext and threads. Is all of HttpContext not thread safe, or just items like Response? Can multiple background threads access the Items property, if only in read mode?
View 1 Replies
Feb 5, 2010
When I was localizing my web application I got one strange doubt.
In the first request i set current thread's current culture to user chosen culture. It worked fine for that particular request. But when i browsed for other page, server rendered content in default english culture. I think the reason meight be "http is stateless" means current request is served by a thread whose culture was set properly. Send request will be serverd another thread which does not about previous thread. So we should once again assign culture to this thread. Localization can be done by setting culture to a session variable.
So my question is what is the benifit that we get by setting culture to current thread. With setting to thread we can show the page in user desired language.
View 2 Replies
Apr 2, 2010
I want to remove checked items from checklistbox (winform control) in class file method which i am calling asynchronously using deletegate. but it showing me this error message:-
Cross-thread operation not valid: Control 'checkedListBox1' accessed from a thread other than the thread it was created on.
i have tried invoke required but again got the same error. Sample code is below:
[code]....
View 1 Replies
Feb 10, 2011
Right off the bat, I hit a wall with the default test added by VS 2010. I forget the exact error now, but it was saying that the tests weren't executed... something about the server. Before I sounds too stupid, the "fix" was to remove the web attributes on the test, causing my tests to NOT need to run through the web server. At this point I have a number of simple, but relevant controller tests up and running.
QUESTION #1.Is it commonplace to run unit tests throught the web server. I have a hard time envisioning that taking place on the build server once I port this solution. It feels much quicker and cleaner to run them directly against the code.
QUESTION #2.I have a security helper class that simply checks to see if the authenticated user is a member of the required Active Directory group before allowing them to perform updates in the application.
I wanted to test it, but the helper uses the HttpContext.Current instance.Should I require this test to run through the web server, or should I change it to accept the context as an argument and mock that context for the unit test? I've installed MOQ, but haven't started the learning process with it yet.
Here is the helper class:
[Code]....
View 4 Replies
Mar 11, 2010
I have a static class with serveral static methods. In these methods, I'm trying to access the current thread's context using HttpContext.Current. For example:
var userName = HttpContext.Current.User.Identity.Name;
However, when I do that, I receive a NullReferenceException, the infamous "Object reference not set to an instance of an object."
View 3 Replies
Aug 26, 2010
what is doffrence between http://domain.com & http://www.domain.com where domain is the same name in both of this.e.g. http://mycompany.com & http://www.mycompany.comi
View 2 Replies
Jan 27, 2010
How can we debbug a multi-thread program to see local variables of each thread using visual studio 2008.
View 1 Replies
Nov 24, 2010
I'm new to threading and have used it successfully, but limited. I can spawn a thread and have the main thread reference variables in the spawned thread, but I don't know how to allow the spawned thread to reference (and update) variables in the main thread.
Any example threading code I've seen on the web appears to be WAY more complicated than what I do, so I am unable to understand or integrate into my code.
Here is a quick example of how I use threading:
[code].....
View 3 Replies
Dec 20, 2010
I have a web application hosted in IIS 7.5 and expose its functionality using web services. The web application has state the the first thing I do is to call a web service method to start it all up. As a consequence several threads are created and these threads run until the system is stopped. All recycling of application pools and such is disabled! To access the web services the calling client must authenticate (using basic auth and local windows users). Thus, an incoming request has the CurrentPrincipal set. The logging subsystem is setup to tag all log messages with the current principals identity name and this works just fine for code that runs on an the thread of on incoming request. But, it doesn't work at all for all of my background threads. The current principal is still set in these threads but the identity objects name has been disposed. Why is this? What can I do to fix this. I would really like to get all log messages tagged with the current principal. It also seems impossible to detect if the identity name instance has been disposed without trying to access it and catch the exception which is highly annoying.
View 2 Replies
Nov 24, 2010
I have a web service that uses ThreadPool to delegate a task to a thread but it runs on ASPNET (System.Environment.UserName) while the main thread runs as windows account. How can I make this thread run with same windows account. Note that I have impersonate=true in web.config. This is causing problems accessing database.
View 1 Replies
Mar 24, 2010
I am reading the Asp.net security documentation on msdn.I come across these tow terms and get really confused.
# WindowsIdentity = WindowsIdentity.GetCurrent()
which returns the identity of the security context of the currently executing Win32 thread.
# Thread = Thread.CurrentPrincipal
which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.
View 1 Replies
Jun 25, 2010
I have a password page and when someone enters an incorrect password I want to simply foil a brute force attack by having
bool isGoodPassword = (password == expected_password);
lock (this)
{
if (!isGoodPassword)
Thread.Sleep(2000);
}
I would expect that this would allow all correct passwords without stalling, but if one user enters a bad password another successful password from a different user would also be blocked. However, the lock doesn't seem to lock across ASP.NET threads.
View 4 Replies
Aug 27, 2010
I want a example of multithreading .i want to use it in a web form not on console.i am using C#.net .and how to use thread.sleep method for a particular thread.
View 5 Replies
Apr 29, 2010
What are the differences between Membership.GetUser() and Context.User, and which is recommended for use in getting information about the current user?
View 2 Replies
Oct 17, 2010
After setting the auth cookie using
FormsAuthentication.SetAuthCookie("myusername", False)
server.transfer("somepage.aspx") to open a web page.
Context.User.Identity.Name is found to be empty
But if I use
Response.Redirect("somepage.aspx")
Context.User.Identity.Name provides correct result.
I am aware of the differences between Response.Redirect and server.transfer. But exactly what is the reason behind this particular behaviour ?
View 1 Replies
Mar 3, 2011
I am trying to create a httphandler which will intercept a sample pdf file which we have in our website. The httphandler works fine from within my development machine and even my locally published website that if I just try to connect to the test url: [URL] I will get sent to the invalid access page. So pushing it to our IIS6 machine when I try to go to the URL it serves up the PDF document. context.User.Identity.IsAuthenticated is always showing as true. I'm using forms authentication. below is the code I am using as the handler.
public void ProcessRequest(HttpContext context)
{
if (context.User.Identity.IsAuthenticated)
{
string SampleURL = context.Request.AppRelativeCurrentExecutionFilePath;
context.Response.Buffer = true;
context.Response.Clear();
using (FileStream fs = new FileStream(HttpContext.Current.Server.MapPath(SampleURL),FileMode.Open))
{
int length = (int)fs.Length;
byte[] buffer;
using (BinaryReader br = new BinaryReader(fs))
{
buffer = br.ReadBytes(length);
}
context.Response.Clear();
context.Response.Buffer = true;
context.Response.ContentType = "application/pdf";
context.Response.BinaryWrite(buffer);
context.Response.End();
}
}
else
{
context.Response.Redirect(
"~/Error/invalid_access.aspx");
}}
in web.config I have the following for form authentication:
<authentication mode="Forms">
<forms name="Sample.Web" loginUrl="~/Security/" defaultUrl="~/default.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
View 3 Replies
Mar 28, 2011
I'm banging my head against a wall here... can't get to the bottom of this issue. I have code that works fine when debugging in visual studio but breaks when deployed to both IIS 6 and IIS 7.5. Basically, it uses Process and ProcessStartInfo to start a program
(a command line tool, exe) and redirect the output to the web page. It uses the username and password properties of the ProcessStartInfo class to run the exe tool as a specific user. The tool requires admin privelages so I need to run it as such, but certianly don't want to run the IIS service or the asp.net app pool under an admin context.
No exception occurs when run on IIS, but it does not work, when trying to run on IIS 6 I get this error dialog: "The application failed to initialize properly (0xc0000142). Click on ok to terminate the application." It's obviously a security/config issue, but what specifically is the culprit? For IIS 6, an application pool was created for this, runs under 'network service', as usual, but again the process being started by the system.diagnostics.process class is run under a different account, which is an administrator account. For IIS 7.5, same thing,an app pool was created, so it runs under the 'iis appPoolNameOfPool' context.
View 6 Replies
Jan 1, 2010
On my master page i have a link button which should be visible only by Administrator or Supervisors roles.
So in the code behind file of the master page i have put the following code in page load event
[Code]....
but i am getting following error
The name 'User' does not exist in the current context
View 2 Replies
Feb 7, 2010
I currently have a ProfileCommon enabled on my site and would like to know where I would start to transfer this ProfileCommon's context to a user's profile after he/she has logged in. Here is a snippet of how I have defined this ProfileCommon:
[Code]....
View 2 Replies
