Where in User.Identity.Name gets a value in Login control?

Athena · Joined: 11 Nov 2007 Posts: 1

Hello,

For a logging application I need to test the value of User.Identity.Name
together with User.Identity.IsAuthenticated to direct the program flow. I
tried Login.Authenticated, LoggedIn and Page_Load events. In all cases the
value is returned as empty. Based on whether this value equal to "admin" I
would like to make a CreateUserWizard control visible if the user is
authenticated. I would appreciate if you give me a code example. Thank you.

Athena

Archived from group: microsoft>public>dotnet>framework>aspnet

Bryan Porter · Joined: 29 Nov 2007 Posts: 1

Athena,

Once the user has authenticated successfully through one of the log in
controls, the (and this is from memory, so bear with me) User property of the
current HttpContext instance should be populated. Depending on the membership
provider you are using, HttpContext.Current.User.Identity should hold either
a WindowsIdentity object or a GenericIdentity object.

If they don't, the user can't have been authenticated, or you are using
custom forms authentication (not one of the membership providers) and not
setting the forms authentication ticket properly.

Hope that helps.

"Athena" wrote:

> Hello,
>
> For a logging application I need to test the value of User.Identity.Name
> together with User.Identity.IsAuthenticated to direct the program flow. I
> tried Login.Authenticated, LoggedIn and Page_Load events. In all cases the
> value is returned as empty. Based on whether this value equal to "admin" I
> would like to make a CreateUserWizard control visible if the user is
> authenticated. I would appreciate if you give me a code example. Thank you.
>
> Athena
>
>

Wainage · Joined: 29 Nov 2007 Posts: 2

Athena,

I’ve looked at your code and your problem stems from a basic
misunderstanding of ASP.NET’s “Forms” authentication. Since I am also a
rookie programmer let me give you a brief break down of how it works.

When a user clicks the login button on the login form the following sequence
occurs:
1. Username and Password are validated against the data store (XML, SQL etc)
2. If valid and Authentication Ticket is created that contains the Username
3. The Ticket is encrypted and passed into the pending Http Response
4. The current page is “Refreshed” with a Response.Redirect (and the cookie
is delivered to the browser)

The user is now logged in and User.Identity.Name and User.Identity will now
be populated. How? The following occurs:
1. Http request begins (before the Page is even created)
2. If the request contains a Authentication cookie it is decrypted (it does.
Step 4 above)
3. A user Principal is created containing the Username
4. This Principal is assigned to the current Context (User.Identity.XXXX is
now available)
5. … rest of the request processing, page processing continues …

This may look confusing at first but understanding it is vital in
understanding how authentication in ASP.NET works.

I’ve included a sample (unfortunately I only speak C# - but there is very
little and it is well commented) that will provide the behavior you are
looking for.

The default.aspx page has a [LoginStatus] control as well as a [LoginView]
to hide our controls from anonymous users. The [CreateUserWizard] control is
part of the template and visible is false.

In Page_Load we check to see if the user is “admin”. If so
[CreateUserWizard].Visible = true;

To make it work, run the “Web Site Administration Tool”, enable security and
add a “admin” and a couple of test users.

I hope this lifts the fog.

Wainage

=============================================
[default.aspx]
-------------------------------------------------------------------------
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs"
Inherits="_Default" %>

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

Untitled Page

To Work on the site u need to log in

Visible="false">

runat="server">

runat="server">

All Logged in users can see this ...

-------------------------------------------------------------------------
protected void Page_Load(object sender, EventArgs e)
{
// the Wizard control is only shown when the user is Authenticated
// so we need to find the control (this.CreateUserWizard1 does not
work)
// We ask LoginView to find the control
CreateUserWizard wizard =
(CreateUserWizard)LoginView1.FindControl("CreateUserWizard1");

// did we find it?
if (wizard != null) // Yes!
{
// check username
if ("admin" == User.Identity.Name)
wizard.Visible = true; // for "admin"
else
wizard.Visible = false; // for everyone else
}
}
=============================================
[login.aspx]
-------------------------------------------------------------------------
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="login.aspx.cs"
Inherits="login" %>

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

Untitled Page

=============================================

Eliyahu Goldin · Joined: 08 Aug 2007 Posts: 39

The problem is that the authentication principal won't get set until the
next request to the
server. But you can use the "UserName" property on the Usercontrol
within the LoggedIn event to identify the user.

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net

"Athena" wrote in message @microsoft.com...
> Hello,
>
> For a logging application I need to test the value of
> User.Identity.Name together with User.Identity.IsAuthenticated to direct
> the program flow. I tried Login.Authenticated, LoggedIn and Page_Load
> events. In all cases the value is returned as empty. Based on whether this
> value equal to "admin" I would like to make a CreateUserWizard control
> visible if the user is authenticated. I would appreciate if you give me a
> code example. Thank you.
>
> Athena
>

Scott Roberts · Joined: 15 Nov 2007 Posts: 23

"Wainage" wrote in message @microsoft.com...

> When a user clicks the login button on the login form the following
> sequence
> occurs:
> 1. Username and Password are validated against the data store (XML, SQL
> etc)
> 2. If valid and Authentication Ticket is created that contains the
> Username
> 3. The Ticket is encrypted and passed into the pending Http Response
> 4. The current page is “Refreshed” with a Response.Redirect (and the
> cookie
> is delivered to the browser)

Steps 1-3 all occur on the initial postback, and during that postback the
User.Identity is not populated. Step 4 does not occur automatically. You can
set a redirect url on the login control or manually redirect from the
code-behind, but either way, the User.Identity is still not set for the
initial postback. Your code works because you're checking User.Identity.Name
in default.aspx, which is *after* the login. If I read the OP correctly, he
wants to redirect from within the login page on the initial postback.

As Eliyahu said, to check the username on the initial postback of the login
page, you'll need to use the "Username" property of the login control.

Ian Semmel · Joined: 10 Aug 2007 Posts: 3

You can check in OnAuthenticate and do the authentication yourself eg

protected void Login1_OnAuthenticate(object sender,
AuthenticateEventArgs e)
{

MembershipUser user =
Membership.GetUser(Login1.UserName, false);

if (user == null)
return;

if (!user.IsApproved)
{
Login1.FailureText = "You have not yet been
approved";
Login1.FailureAction =
LoginFailureAction.Refresh;
e.Authenticated = false;
}
else
{
e.Authenticated = Membership.ValidateUser (
Login1.UserName, Login1.Password );
}

}

> -----Original Message-----
> From: Athena [mailto:Nospam@nospam.com]
> Posted At: Thursday, 29 November 2007 10:55 AM
> Posted To: microsoft.public.dotnet.framework.aspnet
> Conversation: Where in User.Identity.Name gets a value in Login
> control?
> Subject: Where in User.Identity.Name gets a value in Login control?
>
> Hello,
>
> For a logging application I need to test the value of
> User.Identity.Name
> together with User.Identity.IsAuthenticated to direct the program
flow.
> I
> tried Login.Authenticated, LoggedIn and Page_Load events. In all cases
> the
> value is returned as empty. Based on whether this value equal to
> "admin" I
> would like to make a CreateUserWizard control visible if the user is
> authenticated. I would appreciate if you give me a code example.
Thank
> you.
>
> Athena

User.Identity.Name Hi, I am using Forms -in which - I am trying to use i am getting the user name in this field even after i logout (i.e, and also i am trying to use for checkin

Automatic login to a user account on restart On a MacIntosh computer you can set up the account preferences so when the computer starts up it will automatically sign into a specific account when multiple user accounts have been set up. Is this possible to do on a PC running Windows XP? For example:

asp.net login control My asp.net login controlled page doesnt work in web server. I ve created the database file with asp_regsql programme but I couldtn find where I ll add the connection string of new database ? A sample page is here it also doesnt work

Problem with Login Control Hi Guys, I have setup a SQL 2005 DB with ASP.NET membership tables. Everything seems to work and I am able to connect to this DB (sitting in different server) because the WSAT allows me to create users and roles. However, when I place a login control on t

web server connection to SQL Server - Login failed for user Cant get past the error in the subject line! I have my development machine running IIS and connecting to a database server over the network. I want to use integrated windows - so I added my anonymous user account to the database server IUSR