I have a web application using Forms authentication provided by AD. I would like to know if it's possible to use EWS to send mail as the currently logged in user without having to supply credentials, or; would I be required to set up an account with impersonating access which will send mail on behalf of the currently logged in user?
View 1 Replies
I have a web application with a login form. A user enters a user name and password. If they exist in the database the user is authenticated using these two lines:
[Code]....
The problem is that when a user logs in at first he is logged in as himself. When navigating on the web application for a while the user assumes the identity of another logged in user. This happens all the time. In my web.config the authentication mode looks like this:
[Code]....
The site does not use ASP.NET session variables. Instead each page initializes a Singleton class, which stores itself in a static class variable, always accessing the users data already read from the database. The Singleton implementation is:
[Code]....
Could the problem with assuming another logged in users "session" be related to static classes in my application or a Forms Authentication configuration or a configuration in IIS (e.g. is it possible for users to have their own process?).
The site is running on my local IIS 6.1. I Would like to add some features to pull information from our AD. My AD code works on many other projects and on my dev server. Here are my attempts at writing out the username:
Response.Write("1. " + this.Request.LogonUserIdentity.Name);
Response.Write("2. " + Request.ServerVariables["Auth_User"]);
Response.Write("3. " + WindowsIdentity.GetCurrent().Name.ToString());
The results I get are:
NT AUTHORITYIUSR
administrator
NT AUTHORITYNETWORK SERVICE
How can I get at the actual windows username like ourdomain/username
We've got a fairly large, complex web application that uses Forms Authentication to authenticate users. Throughout the application we store and retrieve information about users in the Session object, and in some cases in cookies. In a couple places we check for the existence of the context, and if it's null we send the user back to the login page to re-establish the session. Just a quick run-down of this web app: C#, .NET 3.5, IIS 6, ASP.NET State Service to manage sessionAs for the session timer, we use our own home-grown timer, which is basically a client-side timer, which is backed up by a check to the SQL database to see when their last activity was. This seems to work well for us. It's not perfect, but it allows us to notify the user before the session times out, and allows us to be certain we're not logging a user out before their 60 minutes of inactivity is up.What's happening is that certain users are being logged out after just a few minutes. We've eliminated the timer as a cause and believe what's happening is the HttpContext.Current is null, so the user is logged out. We do not know why the HttpContext.Current is null, and I understand there are many reasons that may occur. What I'm trying to figure out is, is there any way to re-establish the context once it is null? If not, is there anything I can do at this point other than have the user login again? We're also trying to figure out a better way of managing user information (preferences, roles, flags, history, etc), but everything needs context to use, right? Cookies, sessions, cache, etc. all require a response or request, correct? hope this makes sense, because I really need help with this. I've searched the forums here, and found many posts about HttpContext.Current going null, but not a lot of solutions for this...
View 14 RepliesI have below code to display "list of all the online users" inside listBox using Membership function.
Code:
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
MembershipUserCollection allUser = Membership.GetAllUsers(); // to get all the users
List<MembershipUser> onlineUsers = new List<MembershipUser>(); //creating list of online users
foreach (MembershipUser user in allUser)
[Code] ....
I want to remove that user from the list of online users, who himself has logged in. Example: if I had logged-in with UserName: Admin, then this Admin should not show to me in the list of "online users"
Tried below Code but not working:
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
MembershipUserCollection allUser = Membership.GetAllUsers(); // to get all the users
List<MembershipUser> onlineUsers = new List<MembershipUser>(); //creating list of online users
MembershipUser m_user = Membership.GetUser(); //to get self logged-in user
[Code] ....
I developed a website in asp.net,c# and SQL server2000. In each and every page I want to show the logged in users name with green color text.
I used Forms authentication.
I want to know what the members who are online at my site and I can identify them.Do you have an article that identifies registered online users like your site.
View 1 RepliesI want to know hom many users that uses may website (they logged in in current time)
or how many active seesions are in my site in asp.net using C# ?
I would like to know if anyone knows of any way or software that will give me a count of the number of unique users to use my site in the last 5 minutes. I want to make some updates to my site during the day but I want to check to see if there is slow traffic then I can do it but if it's busy I can wait till a later time.
View 7 Repliesam writing a web service in vb.net/asp.net 2, that needs user's name. It works fine when the url request is "www.mysite.com" but if any one has logged-in using "mysite.com" without a "www" and goes to the page that calls my web service, The HttpContext.Current.User.Identity.Name gives null. How can I resolve this problem?
View 2 RepliesI thought this would be a simple task as I am trying to get the current logged in domain user name. I have the following:
[Code]....
but it ALWAYS returns nothing ""
Is there some configuration in the ASP that I have to do first?
So I'm making a asp.net login. I want the login name that people use to match an id in my SQL database. So that I can retrieve their information. But currently when I use the code below, from which I get the name of the computer I am currently on. However I would like the user Identity to be what they write in the username textbox at the login screen.
If HttpContext.Current.User.Identity.IsAuthenticated Then
Dim userName As String = HttpContext.Current.User.Identity.Name
Response.Write(userName)
End If
So I looked for it on net and I think it might have something to do with my web.config file. As I'm totally new to asp.net I wouldn't know. However here's a part of my Web.config file.
[Code]....
I'm trying to get the current logged in UserId Value, using this code
[code]...
But, I getting an error (NullReferenceException), I did set a url authorization on the page that i try to get the logged in user information, witch is info.aspx, and I made the login.aspx control to be redirected to the info.aspx after the login process, But the info.aspx only shows me (access in denied), how can i make this page knows that i am already logged in?
I'm in the middle of moving a web application from IIS6 to IIS7. I've enabled "Windows Authentication" and added <deny users="?" /> to the authorization section of my web.config file. When the app was running on IIS6 my users where able to access the web app without logging in because their windows login was automatically recognized. This does not seem to be the case in II7. I can not get a value for "Current.User.Identity.Name" in my ASP.Net code.
View 1 RepliesThe scenario is that I wanna insert a record to the database via INSERT query and I need to user the identity number of this record in the INSERT query.
But I don't know how to achieve this.
Here is my table structure and code for your better understanding.
There are three columns in the Table: categoryID, categoryName, categoryPath. I need the path based on the categoryID which is an identity int column.
Now I used this code to do INSERT:
[Code]....
I have created an ExtendedId class which extends GenericIdentity. (This stores Id as well as name)
In a httpmodule I stored this extended id in Current.User like so:
HttpContext.Current.User = new GenericPrincipal(myExtendedId, roles);
Problem is, later, how do I get at my ExtendedId type again?
If I try this:
ExtendedId eId = (ExtendedId)HttpContext.Current.User.Identity;
We are observing some strange behaviour in our web server logs where where the Identity of the currently logged in user seems to be getting swapped with another user. I will describe our set up before explaining further.
We are running an asp.net web site (v3.5 of the framework) on 2 Windows 2008 web servers and use forms authentication.They are load balanced using a separate server running Apache 2.2 on Linux (Cent OS 5). The load balancing simply attaches a cookie to a user and directs them to a particular server for each subsequent request.
We notice on occasion patterns in the log like this (details obfuscated)
First Log Entry
UserName - customer1@x.com
UserId - 1111
WebPage - page1
IP - ip1
Time - 2010-06-29 12:56:20.750
SessionId - h3uyz2fsdfegugjy452sdz0far.........
We are using forms authentication using the standard asp.net forms authentication framework (the standard login control and we implemented a custom membership provider).
The UserName is the Windows identity retrieved using "HttpContext.Current.User.Identity.Name" The UserId is the database Id set in the session. The sessionId is retrieved using "HttpContext.Current.Session.SessionID"
As you can see the same Windows identity is the same for 2 different users, under different IP addresses and with different session id's, hitting the site about the same time. We checked and the IP's were from totally different locations. The wrong windows identity seems to be getting recorded. UserId 2222 should have a different username recorded.
Since it happens very occasionally, the code is standard and has not changed substantially for some time we don't "think" it is a coding error. We presume either a problem with the load balancer or some problem in the web server. I have never heard of such problems in asp.net before.
The forms authentication entry in the web.config is
authentication mode="Forms"
forms loginUrl="LoginPage.aspx" name=".ASPXFORMSAUTH"
i am trying to show a list of users of my application "school", when admin logs in then he can view all the users in list but when school principals logins, he should get only users of his school, So i thought to get the current loggedIn userId first and then by that userId i'll get schoolId since userId is foreign key in school table...once i'll get the schoolId i can show the members of that school.
But my problem is how to get the UserID of currently loggedIn. I'm using MVC 1.0 Asp.Net -- "Membership" if my logic above is wrong then tell me the alternate good idea, so that principal can see only his users list.
I wan't to link to the current logged in user with their userid, this is for the user menu. But I don't see why my code dosen't work.Code Behind:
[Code]....
Masterpage:
<asp:LoginView
ID="LoginView1"
runat="server">
<LoggedInTemplate>
<asp:HyperLink
ID="UserProfil"
Text="Profil"
runat="server">Profil</asp:HyperLink>
</LoggedInTemplate>
</asp:LoginView>
I have a Asp Mvc 2 site using forms authentication. When I run it locally I can log in and stay logged in indefinitely.
However when I put it on the server I seem to only stay logged in for a few minutes and then seems to be logged out. I have looked at the cookies and there are 2 which seem relevant:
.ASPXAUTH which is a session cookie .ASPXANONYMOUS which expires in 3 months.
When I refresh the page the cookies stay the same until I get logged out, when I seem to get a new .ASPXANONYMOUS cookie, but the .ASPXAUTH seems to be the same. It seems that I might be able to stay logged in until I do something after a certain amount of time. If I submit a form as soon as I am logged in then it works ok, but if I keep submitting data again and again then after a minute or so, one of the submits will happen as a logged out user and not as the user who was logged in, which all the other submits worked as. What might cause this behaviour and how can I track down what is different & change it so that I can stay logged in indefinitely?
its a single server, but after some more investigation and searching the likely candidate seems to be that I am using more than 100mb on the server and the application pool is getting recycled. I suppose now i need to know How can I check how much memory I'm using. What advice there is to reduce that.
I got this error when I try to browse my default.aspx and I think this problem cause from my web.config. Take a look on my web.config file.
The current identity (Butterfly-PCWebsite) does not have write access to 'C:WindowsMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files'.
Exception Details: System.Web.HttpException: The current identity (Butterfly-PCWebsite) does not have write access to 'C:WindowsMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files'.
Code: <?xml version="1.0" encoding="UTF-8"?> <!--
Note: As an alternative to hand editing this file you can use the web admin tool to configure settings for your application. Use the Website->Asp.Net Configuration option in Visual Studio. A full list of settings and comments can be found in machine.config.comments usually located in WindowsMicrosoft.NetFrameworkv2.xConfig
<configuration>
<appSettings />
<connectionStrings>
<add name="csACC" connectionString="server=localhost;User Id=root;Persist Security Info=True;database=acc" providerName="MySql.Data.MySqlClient" />
<add name="csAgent2" connectionString="server=localhost;User Id=root;database=acc" providerName="MySql.Data.MySqlClient" />
<add name="masterConnectionString" connectionString="Data Source=BUTTERFLY-PCSQLEXPRESS;Initial Catalog=master;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development.
Visual Basic options:
Set strict="true" to disallow all data type conversions where data loss can occur.
Set explicit="true" to force declaration of all variables. -->
<compilation debug="true" strict="false" explicit="true" />
<pages>
<namespaces>
<clear />
<add namespace="System" />
<add namespace="System.Collections" />
<add namespace="System.Collections.Specialized" />
<add namespace="System.Configuration" />
<add namespace="System.Text" />
<add namespace="System.Text.RegularExpressions" />
<add namespace="System.Web" />
<add namespace="System.Web.Caching" />
<add namespace="System.Web.SessionState" />
<add namespace="System.Web.Security" />
<add namespace="System.Web.Profile" />
<add namespace="System.Web.UI" />
<add namespace="System.Web.UI.WebControls" />
<add namespace="System.Web.UI.WebControls.WebParts" />
<add namespace="System.Web.UI.HtmlControls" />
</namespaces>
</pages>
<!--
The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. -->
<authorization>
<allow roles="administrators" />
<deny users="*" />
</authorization>
<!--
The <customErrors> section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors> -->
</system.web>
<system.webServer>
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
is possible to create another property like 'userid' as i can access like
HttpContext.Current.User.Identity.userid ? if yes , how? (actualy last year i did something like this but i have forgotten
I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
Below the section of authentication in web config
[code]....
I have installed and repaired .NET 4.0 already, and I can not figure out why IIS will not run 4.0 applications. I am running Windows 2003 R2, Sp2. IIS 6.0 I created a new ASP.NET Application in Visual Studio 2010, and published it to a site on my IIS. In IIS, I have selected it to run with 4.0, and my web.config also says to compile in 4.0 My First error was : Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive. (C:Inetpub...web.config line 22)
After some research, I found that my IIS had no v4.0 Web Service Extension setup. I thought this was odd, but I manually added it. New error was : The current identity (NT AUTHORITYNETWORK SERVICE) does not have write access to
C:WINDOWSMicrosoft.NETFrameworkv4.0.30319Temporary ASP.NET Files'.
After some research, I found I needed to add this folder, and give all rights to it. I know something is wrong, I shouldn't have to do this. My application is still erroring.. failing to load my ReportViewer :
Exception message: Could not load file or assembly 'Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.
My research and I think my aspnet_regiis did not run properly.. so I trieto run this myself: but I get this error!!
-aspnet_regiis.exe - Application Error
-The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.
In my web application, an users identity is verified at the page load using his n/w credentials.Now i have this 'Adding Attachment' functionality which us creating the problem. I have to store the file in a different server which have access to only one userid. I guess i hv to impersonate the cuurent user with the other user id for this functionality alone
View 11 Replies
