Global.asax and HttpContext.User

  • Thread starter Thread starter Victor Jones
  • Start date Start date
V

Victor Jones

I had a question about accessing HttpContext.User in global.asax. I was
trying to access HttpContext.User in Application_BeginRequest() which had a
null value as opposed to containing a valid GenericPrincipal while
accessing it from a Page_Init() method of the same application.

When does the HttpContext.User get initialized in the life-cycle? Why cannot
I access the same in Application_BeginRequest() ?

Thanks
Viktor
 
Are you trying to find out who is the first user to your website or will
using the Session_OnStart be enough?

Regards,

Trevor Benedict R
MCSD

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
 
Even in Application_Authenticate event, the HttpContext.User remains null,
until the request is authenticated.
 
I wrote a test script in the Every event that the global.asax had to
offer. Here is the sequence of events and the value of Identity.Name

Application_Start - NT AUTHORITY\SYSTEM
Global_BeginRequest - PETRA\Administrator
Application_BeginRequest - PETRA\Administrator
Global_AuthenticateRequest - PETRA\Administrator
Application_AuthenticateRequest - PETRA\Administrator
Global_AuthorizeRequest - PETRA\Administrator
Session_Start - PETRA\Administrator

Except Application_Start the rest of the events have the value.

Do you have the following lines in your web.config file
<authentication mode="Windows" />
<identity impersonate="true"/>

If you do not have then this may be the reason why you are not seeing
the actual User Name. And also check if you have disabled anonymous
login. If not you will be seeing this account.

Also make sure that you Unload the application/restart IIS everytime you
make test like this or you could change the global.asax or web.config
file to automatically restart the application.

Another tip : You can SHIFT + Right click on the Internet Explorer Icon
from the Task Bar to provide different credential when testing your
application.

HTH

Trevor Benedict R
MCSD

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
 
Thanks Trevor. I was using forms authentication and my observation was a
little different from the one you had mentioned. I would assume that
HttpContext.User would be a GenericPrincipal from Application_Start, but it
has a null value until it reaches Application_AuthorizeRequest. Somehow, the
context variable (while using Forms Authentication) gets set between
Applicaiton_AuthenticateRequest and Application_AuthorizeRequest, which I
wanted to gain more perspective on . I see that the IIS settings are similar
to what you had mentioned and reset the IIS before the request as well. Iam
not sure why I see the difference when operated with Forms vs. Windows
authentication.

If the user's identity is anonymous, I would expect empty string for
Context.User.Identity.Name in all events from Application_BeginRequest,
unless Iam missing something.

Thanks
Viktor
 
Back
Top