tags:

views:

3459

answers:

5
+1  Q: 

SPContext.Current.Web.CurrentUser returns misleading value

I'm trying to find out current user name for my sharepoint application. There are more that one way how to do this. However the sharepoint way returns misleading value. 

System.Security.Principal.WindowsIdentity.GetCurrent().Name // returns MY_COMPUTER\\my_user

HttpContext.Current.User.Identity.Name // returns MY_COMPUTER\\my_user

HttpContext.Current.Request.ServerVariables["AUTH_USER"] // returns MY_COMPUTER\\my_user

Microsoft.SharePoint.SPContext.Current.Web.CurrentUser.LoginName // returns SHAREPOINT\\system

What is the cause of this behavior? Will I encounter problems if I'll use non-sharepoint way?

+4  A: 

Are you browsing as the admin account that you used to install the system? SharePoint will "helpfully" rename that SHAREPOINT\System. Use a different account and all of the methods will return the same value.

jwmiller5  2009-01-05 17:18:16
+2  A: 

This is expected if the user is the application pool account running the current web application.
BTW, it's supposed to be the same name as displayed in the welcome control (upper left control)

Nico  2009-01-05 20:01:52
A: 

The other way SPWeb.CurrentUser could return SHAREPOINT\system is if the web is elevated, though I'm not sure why SPContext.Current would be elevated. On what kind of page are you seeing this behavior?

dahlbyk  2009-01-12 17:29:19
+1  A: 

I think you might have include this code under SPSecurity.RunWithElevatedPriviliges. Check it out once. I am not sure though

Ajju  2009-12-30 23:07:42
+1  A: 

The problem is because you are probably getting the current user from an elevated SPWeb inside a RunWithElevatedPrivileges code. You can use the snippet below to get the real user

SPWeb site = SPContext.Current.Web;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite ElevatedsiteColl = new SPSite(siteColl.ID))
   {
       using (SPWeb ElevatedSite = ElevatedsiteColl.OpenWeb(site.ID))
       {
            string currUser = site.CurrentUser; //not the ElevatedSite.CurrentUser
       }
   }
});

This will show the real user name instead of the SHAREPOINT\System user.

 2010-08-26 18:20:30

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security