Re: Security problem/issue ASP.Net

anonymous_at_discussions.microsoft.com
Date: 02/07/05

• Next message: Juan T. Llibre: "Re: changing cursor"
• Previous message: Craig G: "Re: changing cursor"
• In reply to: Kevin Spencer: "Re: Security problem/issue ASP.Net"
• Next in thread: Kevin Spencer: "Re: Security problem/issue ASP.Net"
• Reply: Kevin Spencer: "Re: Security problem/issue ASP.Net"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 7 Feb 2005 08:28:07 -0800

Thanks for your quick reply,

The Web Server is set to:
"Integrated Windows authentication"
and "Anonymous access" is disabled.
What else can I do to avoid this session mix ?

Thanks

Gilles
>-----Original Message-----
>HttpContext.Current.User.Identity represents the
currently logged-in user.
>If the web disallows anonymous authentication, this will
(probably) be a
>different user with each client. If anonymous browsing is
allowed, the user
>will always be the Anonymous Internet User account.
>
>--
>HTH,
>
>Kevin Spencer
>Microsoft MVP
>..Net Developer
>Neither a follower nor a lender be.
>
>"Gilles" <anonymous@discussions.microsoft.com> wrote in
message
>news:24b601c50d2e$a23116f0$a401280a@phx.gbl...
>> Hello,
>> I'm facing a big problem in an Asp.Net application, when
>> users connect the application, I store their user
>> informations into the session object (session_start).
>> But when 2 users click (nearly) at the same time on the
>> page myprofile, the first user sees his profile (the
>> correct one) and the second sees the profile of the
first
>> (very bad).
>> the "HttpContext.Current.User.Identity" is not the
>> expected one.
>> web.config entries:
>> <authentication mode="Windows"/>
>> <identity impersonate="false"/>
>> <authorization>
>> <allow users="*"/>
>> </authorization>
>> <sessionState mode="InProc" cookieless="false"
>> timeout="20"/>
>> Any idea ?
>> Many thanks for your help.
>> Gilles
>
>
>.
>

---

• Next message: Juan T. Llibre: "Re: changing cursor"
• Previous message: Craig G: "Re: changing cursor"
• In reply to: Kevin Spencer: "Re: Security problem/issue ASP.Net"
• Next in thread: Kevin Spencer: "Re: Security problem/issue ASP.Net"
• Reply: Kevin Spencer: "Re: Security problem/issue ASP.Net"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Stumped by Authentication Problem ... Administrator group on the Web server and I can't figure out why. ... We have a local group called Users that conains our Domain Users. ... - Integrated Windows Authentication ... (microsoft.public.inetserver.iis.security) Re: Stumped by Authentication Problem ... Administrator group on the Web server and I can't figure out why. ... We have a local group called Users that conains our Domain Users. ... - Integrated Windows Authentication ... (microsoft.public.inetserver.iis.security) Re: Get Windows User Name via ASP.NET ... once I move my web-site aspx files to the web server it returns ... Other browsers do not support Integrated Windows Authentication. ... Internet Explorer defaults to not sending the user identity if the server is not in the local intranet. ... (microsoft.public.dotnet.languages.csharp) Re: New post: Integrated Windows Authentication for remote users ... Maybe the proxy is ... It works fine inside my LAN, and on some other places outside my LAN, ... priveliges denied on the web server or on the firewall to this web ... (microsoft.public.inetserver.iis.security) Re: Right way to check POST parameters? ... Jerry Stuckle wrote: ... from Gilles' web server. ... from a VB app on the client, but that Giles has already abandoned this ... (comp.lang.php)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)