[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


HttpContext.Current.User is Nothing in Application_AuthenticateRequest

Posted on 2008-11-04
Medium Priority
Last Modified: 2012-08-14
Hi experts,

I have an ASP.NET application in develoment, that uses Forms Authentication.  I have written some code (based on an article from MSDN, if I remember correctly) to store role-information in a ticket in a coockie.

Then in the "Application_AuthenticateRequest" method of Global.asax, I used some information of HttpContect.Current.User to get back to the role-info that was stored in the ticket.

Now, after a few weeks when everything worked fine, all of a sudden the "HttpContect.Current.User" is always equal to Nothing, and I have no clue where to look.  I have checked that none of my security-related code has changed.


Question by:joriszwaenepoel
  • 2
LVL 20

Expert Comment

ID: 22880976
Have you recently moved to IIS 7? Have a look at this link, especially items 8 to 10: http://mvolo.com/blogs/serverside/archive/2007/12/08/IIS-7.0-Breaking-Changes-ASP.NET-2.0-applications-Integrated-mode.aspx

LVL 10

Author Comment

ID: 22883759
That's good to know, but I haven't changed the version of IIS.
I am developing using VS2005, and the problem exists with the internal "visual studio development server" and also with the IIS Web Server.  That is why I think it must be a project setting or some programmatic change that caused this change in behaviour.

I have found a workaround (keeping the roles in an session variable, instead of in the authentication ticket), but I would still like to know what caused this.  It could help to prevent similar problems in fututre projects.


LVL 10

Accepted Solution

joriszwaenepoel earned 0 total points
ID: 22933169
I found the reason why the code suddenly failed:
As I added more roles to the application, the amount of data in the ticket increased, until it stopped working.  I discovered that by adding a user with less privileges, for who the original code still worked, then added more privileges until it suddenlmy stopped working.  So I guess there is a limit to the amount of data that can be stored in the ticket (in the coockie).

I now store the role-information in a session variable, ans use that instead.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today is the age of broadband.  More and more people are going this route determined to experience the web and it’s multitude of services as quickly and painlessly as possible. Coupled with the move to broadband, people are experiencing the web via …
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question