By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,678 Members | 2,192 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,678 IT Pros & Developers. It's quick & easy.

Help please - User == null even when logged in

P: n/a
Hello,

I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.

The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication
stuff do it's job, they will be sent to the log in page. Non admin
people shouldn't know that the log in page even exists, so I don't want
to show it to them.

So what I am doing in global.asax is this ...

void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) && (User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}

Obviously this is greatly simplified from what's actually in there, but
this is the important bit.

The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.

The weird thing is that I previously had that line just as...

if (User.Identity.IsAuthenticated) {

and it worked fine. Just today, I started getting a run time error
saying that the object (which I found out meant User) was null. That's
why I added the extra tests in the if statement. The only change I know
of is that Windows prompted me for an update today, something to do with
a security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.

Anyone any ideas? I'm stuck!! TIA

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Do you deny anonymous access?
"Alan Silver" <al*********@nospam.thanx> wrote in message
news:Sn**************@nospamthankyou.spam...
Hello,

I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.

The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication stuff
do it's job, they will be sent to the log in page. Non admin people
shouldn't know that the log in page even exists, so I don't want to show
it to them.

So what I am doing in global.asax is this ...

void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) &&
(User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}

Obviously this is greatly simplified from what's actually in there, but
this is the important bit.

The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.

The weird thing is that I previously had that line just as...

if (User.Identity.IsAuthenticated) {

and it worked fine. Just today, I started getting a run time error saying
that the object (which I found out meant User) was null. That's why I
added the extra tests in the if statement. The only change I know of is
that Windows prompted me for an update today, something to do with a
security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.

Anyone any ideas? I'm stuck!! TIA

--
Alan Silver
(anything added below this line is nothing to do with me)

Nov 19 '05 #2

P: n/a
Begin Request is before forms authentication has been done (IIS autheication
has been as IIS does this). You want to use a later event.

-- bruce (sqlwork.com)

"Alan Silver" <al*********@nospam.thanx> wrote in message
news:Sn**************@nospamthankyou.spam...
Hello,

I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.

The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication stuff
do it's job, they will be sent to the log in page. Non admin people
shouldn't know that the log in page even exists, so I don't want to show
it to them.

So what I am doing in global.asax is this ...

void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) &&
(User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}

Obviously this is greatly simplified from what's actually in there, but
this is the important bit.

The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.

The weird thing is that I previously had that line just as...

if (User.Identity.IsAuthenticated) {

and it worked fine. Just today, I started getting a run time error saying
that the object (which I found out meant User) was null. That's why I
added the extra tests in the if statement. The only change I know of is
that Windows prompted me for an update today, something to do with a
security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.

Anyone any ideas? I'm stuck!! TIA

--
Alan Silver
(anything added below this line is nothing to do with me)

Nov 19 '05 #3

P: n/a
>Begin Request is before forms authentication has been done (IIS autheication
has been as IIS does this). You want to use a later event.
Ah, that would explain why User was null!!

Can I do URL rewriting in later events? I thought it had to be done in
BeginRequest.

Thanks
"Alan Silver" <al*********@nospam.thanx> wrote in message
news:Sn**************@nospamthankyou.spam...
Hello,

I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.

The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication stuff
do it's job, they will be sent to the log in page. Non admin people
shouldn't know that the log in page even exists, so I don't want to show
it to them.

So what I am doing in global.asax is this ...

void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) &&
(User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}

Obviously this is greatly simplified from what's actually in there, but
this is the important bit.

The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.

The weird thing is that I previously had that line just as...

if (User.Identity.IsAuthenticated) {

and it worked fine. Just today, I started getting a run time error saying
that the object (which I found out meant User) was null. That's why I
added the extra tests in the if statement. The only change I know of is
that Windows prompted me for an update today, something to do with a
security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.

Anyone any ideas? I'm stuck!! TIA

--
Alan Silver
(anything added below this line is nothing to do with me)



--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.