RE: Serious issue with HttpContext.Current.User.Identity.Name

From: Patrick.O.Ige (PatrickOIge_at_discussions.microsoft.com)
Date: 12/07/04 

Date: Tue, 7 Dec 2004 15:17:02 -0800

Hi Kiran..
Are you using Forms Authentication and validating against SQL Server?
Are u sure u aren;t using Windows Auth since u are calling :-
HttpContext.Current.User.Identity.Name
Pls Elaborate more..
Patrick

"kiran_s_rao@hotmail.com" wrote:

> I have a serious issue that seems to be intermittent with
> User.Identity.Name.
>
> In an environment where about 100+ users are logging on to a site with
> forms authentication, calling HttpContext.Current.User.Identity.Name
> returns the correctly logged on user.
>
> However, 10% of the time (I'm guessing under stress conditions or
> simulataneous requests), the wrong user info is being returned.
>
> The logic of this app:
>
> 1) User enters username/pass
> 2) Info is looked up via SQL DB call
> 3) If match, user is authenticated via
> FormsAuthentication.RedirectFromLoginPage(username, True)
> 4) On all the pages the user visits, his/her info is shown via a call
> to HttpContext.Current.User.Identity.Name
>
> This works almost all the time. Any ideas why it might be failing from
> time to time?
>
>

Relevant Pages

  • Re: Windows Authentication in asp.net 2005 to SQL Server?
    ... If the domains do not trust each other, Windows authentication is not going ... Basic authentication sometimes makes the need for Kerberos delegation go ... generic account to do the backend data stuff on our SQL Server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: I dont want to re-invent the Login/Login Wheel - Help with utilities
    ... Yes, if you use .NET1.1, there isn't built-in login control, and more importanltly there isn't ready-to-use membership component to use. ... the membership provider uses SQL Server or SQL Server Express. ... We feel that having the capability to force password change would be a better benefit in securing our application and data access. ... Both Windows authentication and authorization wolud be be fine if we wanted the world to have access to our application data, but not very intuitive for maintaining integrity over our data. ...
    (microsoft.public.vstudio.general)
  • RE: IIS (ASP) -> SQLServer Authentication Issue
    ... I understand that you'd like to use IIS Intergration authentication in the ... and ASP "impersonates" authencitaed users to access SQL Server on ... only kerberos authentication allows double-hops from clients ...
    (microsoft.public.sqlserver.security)
  • Re: SBS Premium Edition .. what way is SQL licenced
    ... Another thing to note in using your SQL Server as a backend database is the ... concept of Forms-based authentication and Integrated Windows authentication. ... thereby requiring individual CALs to access SQL Server. ... Chad A. Gross - SBS MVP ...
    (microsoft.public.windows.server.sbs)
  • Re: Integrated Authentication with SQL
    ... On the IIS level there is no trouble authenticating with kerberos. ... problem is in when I try to flow those credentials over to the SQL server. ... Successful Network Logon: ... Authentication Package: Kerberos ...
    (microsoft.public.dotnet.framework.aspnet.security)