Web.HttpContext.Current.User.Identity.Name is blank

[Dan Bart]

I am using an application which is a modification of IBuySpy Portal.
It is using Forms authentication. Users login and their name is added
to
Context
Then I use:

Web.HttpContext.Current.User.Identity.Name

to write audit trail as to what users do. Now recently on one of the
activities I noticed that the

Web.HttpContext.Current.User.Identity.Name was blank. Which should not
have been possible?

Can someone please tell me why this could have happened? And how I can
prevent this?



Thanks,



db

 

[Teemu Keiski]

And it is put to the Context on every request i.e user is athenticated with
forms auth and then in Application_AuthenticateRequest you populate the
HttpContext with the Principal? I am asking because HttpContext is recreated
for every request which means that user details must also.

 

[Dan Bart]

Yes it is put in the Context on every request in Global.asax.vb

Thanks,

db

 

[Pete]

Hi Dan,

I notice this behaviour too but only after the initial authentication
request. Subsequent requests contain the expected user name.

--
Cheers

Pete

XBOX Live Leagues & Tournaments
http://www.xboxracing.net/

 

[Andrea D'Onofrio [MSFT]]

To populate the LOGON_USER variable when you use any authentication mode
other than None, you can deny access to the Anonymous user in the
<authorization> section of the Web.config file and change the authentication
mode other then None.

NOTE: When you enable Anonymous authentication in conjunction with Windows
authentication <or> if you grant access to the Anonymous user in the
<authorization> section while you are using any authentication mode other
than None, other server variables such as AUTH_USER and REMOTE_USER (as well
as the HttpContext.Current.User.Identity.Name property) also return an
empty string. You can use the any of the above-mentioned resolutions to
populate these variables.

Please refer to this public article for any additional details:
306359 PRB: Request.ServerVariables("LOGON_USER") Returns Empty String in
http://support.microsoft.com/?id=306359

HtH,
Andrea

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Dan,

I notice this behaviour too but only after the initial authentication
request. Subsequent requests contain the expected user name.

--
Cheers

Pete

XBOX Live Leagues & Tournaments
http://www.xboxracing.net/

addedcontext that the code is running under. Context.User.Identity is the
user that asp.net recognizes - and this is not always the same. In
particular, if impersonation is off you'll get the app pool identity (or
ASPNET in IIS5) for WindowsIdentity; User.Identity will give the user name
regardless of impersonation.