Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HttpContext.Current.User is null even though Windows Authentication is on

Tags:

asp.net

iis-7

windows-authentication

In IIS7 under Windows Server 2008, I have a virtual directory with anonymous access off and Windows authentication on. In my web.config, I have:

<authentication mode="Windows"/>
<authorization>
            <allow roles="MYGROUP"/>
            <deny users="*"/>
</authorization>

and

<system.webServer>
    <!-- IIS7 security settings -->
    <security>
        <authorization>
                <add accessType="Deny" users="*"/>
                <add accessType="Allow" roles="MYGROUP"/>
        </authorization>
    </security>
</system.webServer>

Yet when I access default.aspx from IE and set a breakpoint in Global.asax.vb Application_AuthenticateRequest(), I get a null HttpContext.Current.User where I am expecting my own identity. It is almost as if Anonymous Access is on?

What can I do to troubleshoot this? Everything seems to work in IIS6.

like image 829
Patrick Szalapski Avatar asked Nov 02 '09 20:11

Patrick Szalapski

4 Answers

The answer to of moving the Application Pool back to classical is just delaying the problem.

Instead leave the application pool alone and move your authenticate check from Application_AuthenticateRequest(), to the next function in the pipeline:

Application_AuthorizeRequest(object sender, EventArgs e)

By then the integrated Application Pool has completed the windows authentication allow you not to receive null from HttpContext.Current.User.

The pipeline can be found here (link provided by CarlosAg).

A visualization of the pipeline can be found on the asp website message lifecycle page. In the controller section checkout the two green boxes "Authentication filters" and "Authorization filters". These are the areas you are messing with.

like image 81
Choco Smith Avatar answered Nov 19 '22 19:11

Choco Smith

II7 has integrated authentication. You can set it back to the old type by changing the Application Pool back to classical in the basic settings in IIS.

*Caution this is just an explanation and example, you may want to use the integrated authentication and do something different.

like image 2
Yuriy Faktorovich Avatar answered Nov 19 '22 19:11

Yuriy Faktorovich

With IIS 7 and asp.net 4.0 the user was still null within Application_AuthenticateRequest() (object sender, EventArgs e). I had to place all authentication logic within the Application_PostAuthenticateRequest() (object sender, EventArgs e). You can see an example here context-user-is-null-in-application-authenticaterequest-via-windows-auth-in-asp

like image 2
wickdninja Avatar answered Nov 19 '22 20:11

wickdninja

Anonymous access must be on if you don't use ssl or something your own security.

like image 1
stdT Avatar answered Nov 19 '22 19:11

stdT
Sign in to Comment

Related questions

How to load Assembly at runtime and create class instance?
Is there a way to control which implicit conversion will be the default used?
NHibernate -failed to lazily initialize a collection of role
Vertically align div (no tables)
Android: How to get location information from intent bundle extras when using LocationManager.requestLocationUpdates()
What's Automapper for?
What are your WebService Versioning best practices?
How to make shell scripts robust to source being changed as they run
Is there a library for a Set data type in Javascript?
Pressing spacebar scrolls page down?
Redmine, can't see new Issue Status
In CSS, what is the difference between cascading and inheritance?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!