tags:

views:

134

answers:

4
Q: 

ASP.NET Authentication Troubleshooting

I have a fairly complex web app that was built (by a contractor) to use integrated authentication. As part of the authentication process, a GetNetworkID() function is used that looks like this:

private string GetNetworkID()
{
    return HttpContext.Current.User.Identity.Name.Split(new char[] { '\\' })[1];
}

When I run this on my development box, the HttpContext.Current.User.Identity.Name value is myNetwork\\myUserID, so the above funciton returns my User ID, as intended, and the authenticaiton process works just fine.

But when I run this on my web server, I get an Index was outside the bounds of the array error thrown by the return statement in the GetNetworkID() function.

I'm a bit lost on how to troubleshoot this and how to figure out if it's an IIS configuration issue (my web server is a Windows Server 2008 box running IIS 7), or something else.

If I hard-code my User ID as the return value for the GetNetworkID() function, it works on the web server, but I don't have any great ideas about how to debug on the web server to determine what the HttpContext.Current.User.Identity.Name return value is that's causing the array index error.

Any suggestions?

+1  A: 

I think the user that logs into your web applciation on the other server, is not a valid login. And hence a result is not returned on User.Identity.Name.

Like you said, it works when you hardcoded the username. This means, the user creditials of the PC you are using to login is not permitted on your site. This therefore must be different to the credentials you are hardcoding.

Best bet is to debug on web server (it isn't hard - all you want to return is the User.Identity.Name and you can get the username and deduce logic from there), and verify the contents in your web.config file.

waqasahmed  2009-09-09 23:01:42
Thanks for you help, waqasahmed.
theog  2009-09-09 23:50:15
+2  A: 

IIS runs as the IIS Service Account, so Current.User.Identity is likely going to be the name of the IIS Account.

For completeness sake, you should check for '\' either with a Find() or by calling split, and checking the length of the resultant array. If the length is 1, that means the id isn't in the form of domain\username.

In general, if you want to debug, you can write any value to the HTTP Response stream like so:

Response.Write(HttpContext.Current.User.Identity.Name)

Another method is to setup an ASP page variable, and set the page variable to the value you'd like to inspect. You can display the variable value either through ASP code, or through Javascript.

Alan  2009-09-09 23:01:52
That's helpful, thank you Alan.
theog  2009-09-09 23:11:06
Okay, so Alan wins the prize, and I have self-administered a dope-slap for my lack of insight. As it turns out, on my local machine the HttpContext.Current.User.Identity.Name is MyNetwork\\MyUserID. On the Server the value is "Joe Blow". Don't know why; don't know how I'm going to deal with that, but that's what's throwing the array index error. Thank you all for your time and not calling me out for the knucklehead that I am.
theog  2009-09-09 23:49:21
Got it fixed, and it was a simple setting. As it turns out, I was only looking at IIS authentication methods for the app directory, trying different settings with no success. The “Joe Blow” return value was happening with Anonymous authentication, causing the array index exception. All other authenticaion methods gave me a 401 response. Turns out that Windows Authentication at the server level was disabled and set to give the user a 401 response. Once I enabled Windows Authentication at the server level, it worked like a champ--no array index exception and successful authentication.
theog  2009-09-10 17:59:40
+2  A: 

You might be missing an IIS setting.

Try in IIS: Website (right click) | Properties | Directory Security (tab)

Click "Edit..."

Then select "Integrated Windows Authentication"

Aaron Bennett  2009-09-09 23:06:24
And turn off the other forms of authentication.
Jerry Bullard  2009-09-09 23:33:50
Thanks Destructr... Not sure if I trust you with a user name like that. :) Seriously though, I did muck with the directory security and tried all combinations of authentication settings in IIS. No luck. I think Alan's got me going in the right direction. Thanks.
theog  2009-09-09 23:40:24
Destructr, the process to enable WIA is a bit different in IIS 7, but this is what essentially fixed my problem. WIA was disabled at the parent directory level above my app's directory.
theog  2009-09-10 18:04:18
Haha, I would have preferred Constructr but someone had taken that domain already :P Thank you for the update, theog. I had this very problem while running an antiquated version of Windows and thought to check the site for any other users with the problem.
Aaron Bennett  2009-09-30 03:17:23
+1  A: 

As Alan pointed out (and I upvoted him for it) you probably want to add a check on what form the User.Identity.Name takes. An updated routine could for example look like this:

private string GetNetworkID()
{
    var name = HttpContext.Current.User.Identity.Name;
    return name.InStr("\\") > -1 ? name.Split("\\")[1] : name;
}

This will return the second part of the login name if a \ is present, and the full string if not.

Tomas Lycken  2009-09-09 23:34:49
Excellent, thank you Tomas.
theog  2009-09-09 23:41:00

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?