Hello,
I'm facing a big problem in an Asp.Net application, when
users connect the application, I store their user
informations into the session object (session_start).
But when 2 users click (nearly) at the same time on the
page myprofile, the first user sees his profile (the
correct one) and the second sees the profile of the first
(very bad).
the "HttpContext.Current.User.Identity" is not the
expected one.
web.config entries:
<authentication mode="Windows"/>
<identity impersonate="false"/>
<authorization>
<allow users="*"/>
</authorization>
<sessionState mode="InProc" cookieless="false"
timeout="20"/>
Any idea ?
Many thanks for your help.
Gilles 4 1251
HttpContext.Current.User.Identity represents the currently logged-in user.
If the web disallows anonymous authentication, this will (probably) be a
different user with each client. If anonymous browsing is allowed, the user
will always be the Anonymous Internet User account.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
"Gilles" <an*******@discussions.microsoft.com> wrote in message
news:24****************************@phx.gbl... Hello, I'm facing a big problem in an Asp.Net application, when users connect the application, I store their user informations into the session object (session_start). But when 2 users click (nearly) at the same time on the page myprofile, the first user sees his profile (the correct one) and the second sees the profile of the first (very bad). the "HttpContext.Current.User.Identity" is not the expected one. web.config entries: <authentication mode="Windows"/> <identity impersonate="false"/> <authorization> <allow users="*"/> </authorization> <sessionState mode="InProc" cookieless="false" timeout="20"/> Any idea ? Many thanks for your help. Gilles
Thanks for your quick reply,
The Web Server is set to:
"Integrated Windows authentication"
and "Anonymous access" is disabled.
What else can I do to avoid this session mix ?
Thanks
Gilles -----Original Message----- HttpContext.Current.User.Identity represents the
currently logged-in user.If the web disallows anonymous authentication, this will
(probably) be adifferent user with each client. If anonymous browsing is
allowed, the userwill always be the Anonymous Internet User account.
-- HTH,
Kevin Spencer Microsoft MVP ..Net Developer Neither a follower nor a lender be.
"Gilles" <an*******@discussions.microsoft.com> wrote in
messagenews:24****************************@phx.gbl... Hello, I'm facing a big problem in an Asp.Net application, when users connect the application, I store their user informations into the session object (session_start). But when 2 users click (nearly) at the same time on the page myprofile, the first user sees his profile (the correct one) and the second sees the profile of the
first (very bad). the "HttpContext.Current.User.Identity" is not the expected one. web.config entries: <authentication mode="Windows"/> <identity impersonate="false"/> <authorization> <allow users="*"/> </authorization> <sessionState mode="InProc" cookieless="false" timeout="20"/> Any idea ? Many thanks for your help. Gilles
.
> The Web Server is set to: "Integrated Windows authentication" and "Anonymous access" is disabled. What else can I do to avoid this session mix ?
I'm not sure. I haven't had to deal with this issue before. But if I'm
reading the SDK correctly, you need to set the "identity impersonate"
attribute to true. From what I've read, this enables "per request"
impersonation.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
<an*******@discussions.microsoft.com> wrote in message
news:14****************************@phx.gbl... Thanks for your quick reply,
The Web Server is set to: "Integrated Windows authentication" and "Anonymous access" is disabled. What else can I do to avoid this session mix ?
Thanks
Gilles-----Original Message----- HttpContext.Current.User.Identity represents the currently logged-in user.If the web disallows anonymous authentication, this will (probably) be adifferent user with each client. If anonymous browsing is allowed, the userwill always be the Anonymous Internet User account.
-- HTH,
Kevin Spencer Microsoft MVP ..Net Developer Neither a follower nor a lender be.
"Gilles" <an*******@discussions.microsoft.com> wrote in messagenews:24****************************@phx.gbl... Hello, I'm facing a big problem in an Asp.Net application, when users connect the application, I store their user informations into the session object (session_start). But when 2 users click (nearly) at the same time on the page myprofile, the first user sees his profile (the correct one) and the second sees the profile of the first (very bad). the "HttpContext.Current.User.Identity" is not the expected one. web.config entries: <authentication mode="Windows"/> <identity impersonate="false"/> <authorization> <allow users="*"/> </authorization> <sessionState mode="InProc" cookieless="false" timeout="20"/> Any idea ? Many thanks for your help. Gilles
.
Thanks Kevin,
I'll try that tomorrow (it's 19h00 here in Belgium :) ),
but I'm quite sure I tried that
some time ago and it didn't work...
I'll let you informed.
Gilles -----Original Message----- The Web Server is set to: "Integrated Windows authentication" and "Anonymous access" is disabled. What else can I do to avoid this session mix ? I'm not sure. I haven't had to deal with this issue
before. But if I'mreading the SDK correctly, you need to set the "identity
impersonate"attribute to true. From what I've read, this enables "per
request"impersonation.
-- HTH,
Kevin Spencer Microsoft MVP ..Net Developer Neither a follower nor a lender be.
<an*******@discussions.microsoft.com> wrote in message news:14****************************@phx.gbl... Thanks for your quick reply,
The Web Server is set to: "Integrated Windows authentication" and "Anonymous access" is disabled. What else can I do to avoid this session mix ?
Thanks
Gilles-----Original Message----- HttpContext.Current.User.Identity represents the currently logged-in user.If the web disallows anonymous authentication, this will (probably) be adifferent user with each client. If anonymous browsing is allowed, the userwill always be the Anonymous Internet User account.
-- HTH,
Kevin Spencer Microsoft MVP ..Net Developer Neither a follower nor a lender be.
"Gilles" <an*******@discussions.microsoft.com> wrote in messagenews:24****************************@phx.gbl.. . Hello, I'm facing a big problem in an Asp.Net application, when users connect the application, I store their user informations into the session object (session_start). But when 2 users click (nearly) at the same time on the page myprofile, the first user sees his profile (the correct one) and the second sees the profile of the first (very bad). the "HttpContext.Current.User.Identity" is not the expected one. web.config entries: <authentication mode="Windows"/> <identity impersonate="false"/> <authorization> <allow users="*"/> </authorization> <sessionState mode="InProc" cookieless="false" timeout="20"/> Any idea ? Many thanks for your help. Gilles
.
. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: grahamd |
last post by:
Who are the appropriate people to report security problems to
in respect of a module included with the Python distribution?
I don't feel it appropriate to be reporting it on general mailing
lists.
|
by: TC |
last post by:
Hello All,
I have recently had the pleasure of installing Norton Internet Security 2005
and finding that I can no longer create or open a web-based application in
Visual Studio .Net. The IDE...
|
by: Joseph Geretz |
last post by:
I'm having a credentialing problem in my web application. Actually, I don't
think this is an IIS security issue, since I'm able to access the page I'm
requesting. However, the executing page itself...
|
by: Earl Teigrob |
last post by:
Background:
When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is...
|
by: cdlipfert |
last post by:
Our intranet is running under windows integrated security. We have
domain users that want to access our intranet site via ssl vpn. SSL
VPN can not authenticate against services that run under...
|
by: Charles Leonard |
last post by:
I am having yet another issue with Windows Server 2003. This time, the web
service (a file import web service) appears to run except for one odd
message: "ActiveX component can't create object". ...
|
by: Jay C. |
last post by:
Jay
3 Jan. 11:38 Optionen anzeigen
Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
Von: "Jay" <p.brunm...@nusurf.at> - Nachrichten dieses Autors suchen
Datum: 3 Jan...
|
by: Ankit Aneja |
last post by:
This is my problem. I am using Visual 2003, .Net framework 1.1 and the
Application Block
I configured the DAAB using the Enterprise Library Configuration
now this is the error which is coming
...
|
by: WebServiceSecurity |
last post by:
The issue involves the following technologies: -
1. .NET 2.0 Framework
2. WSE2.0 (WS-Security)
3. X.509 certificates
4. BEA Weblogic 8.1.5
|
by: Edmund |
last post by:
I hope someone can help me out set up the security properly.
I have Microsoft Access 97 and Access 2000 in my computer and I developed my
database with Access 2000 with the updated patch...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: jfyes |
last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: PapaRatzi |
last post by:
Hello,
I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
|
by: Defcon1945 |
last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
|
by: Shællîpôpï 09 |
last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
|
by: af34tf |
last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
| |