How can i get the LoggedIn in user Name of Client machine
without client providing the useid and password...
(wjen the users visits the page i need to get In which user Id he/she loggedIn)
I tried
string clientMachineName;
clientMachineName = (Dns.GetHostEntry(Request.ServerVariables["remote_addr"]).HostName);
Response.Write(clientMachineName);
If you're in a domain environment you could enable Windows Authentication which will allow the users to bypass explicitly logging on in favor of NTLM authentication. IE and Chrome work well with this out of the box, FF has a config setting for it.
EDIT
If you only care about browsers/OSs that support ActiveX then you can get it using Javascript with specific ActiveX privileges (from here):
<script type="text/javascript">
<!--
var WinNetwork = new ActiveXObject("WScript.Network");
alert(WinNetwork.UserName);
//-->
</script>
Try this
Might be its work as per your requirement
Request.ServerVariables["LOGON_USER"]
if Request.ServerVariables("LOGON_USER") Returns Empty String in ASP.NET
Microsoft Guidline for that
You can use Request.LogonUserIdentity for getting client details.
Response.Write(Request.LogonUserIdentity.Name);
It seems ServerVariables have been depreciated for C# in some instances.
If so, you'll need to do it this way:
string login = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
If you really want to use ServerVariables, keep in mind they are CaSe Sensitive in C#. The correct casing is almost always UPPER, and here is the list of them:
List of ServerVariables
Related
I would like to get the exact url that user typed into the browser. Of course I could always use something like Request.Url.ToString() but this does not give me what i want in the following situation:
http://www.mysite.com/rss
With the url above what Request.Url.ToString() would give me is:
http://www.mysite.com/rss/Default.aspx
Does anyone know how to accomplish this?
I have already tried:
Request.Url
Request.RawUrl
this.Request.ServerVariables["CACHE_URL"]
this.Request.ServerVariables["HTTP_URL"]
((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetServerVariable( "CACHE_URL")
((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetServerVariable( "HTTP_URL")
Edit: You want the HttpWorkerRequest.GetServerVariable() with the key HTTP_URL or CACHE_URL. Note that the behavior differs between IIS 5 and IIS 6 (see documentation of the keys).
In order to be able to access all server variables (in case you get null), directly access the HttpWorkerRequest:
HttpWorkerRequest workerRequest =
(HttpWorkerRequest)((IServiceProvider)HttpContext.Current)
.GetService(typeof(HttpWorkerRequest));
Remember too that the "exact URL that the user entered" may never be available at the server. Each link in the chain from fingers to server can slightly modify the request.
For example if I type xheo.com into my browser window, IE will be convert to http://www.xheo.com automatically. Then when the request gets to IIS it says to the browser - you really want the default page at http://www.xheo.com/Default.aspx. So the browser responds by asking for the default page.
Same thing happens with HTTP 30x redirect requests. The server will likely only ever see the final request made by the browser.
Try using Request.Url.OriginalString
Might give you the thing you are looking for.
It is possible, you just need to combining a few of the values from the request object to rebuild the exact url entered:
Dim pageUrl As String = String.Format("{0}://{1}{2}",
Request.Url.Scheme,
Request.Url.Host,
Request.RawUrl)
Response.Write(pageUrl)
Entering the address http://yousite.com/?hello returns exactly:
http://yousite.com/?hello
Request.RawUrl
I think is the monkey you are after...
Easiest way to do this is used client-side programming to extract the exact url:
<script language="javascript" type="text/javascript">
document.write (document.location.href);
</script>
I'm writhing a web application (ASP.Net MVC, C#) that require the user to provide urls to RSS or Atom Feed that I then read with the following code :
var xmlRdr = XmlReader.Create(urlProvidedByUserAsString);
var syndicFeed = SyndicationFeed.Load(xmlRdr);
While debugging my application I accidentally passed /something/like/this as an url and I got an exception telling me that C:\something\like\this can't be opened.
It looks like a user could provide a local path and my application would try to read it.
How can I make this code safe? It probably is not sufficient to check for https:// or http:// at the begining of the url, since the user could still enter something like http://localhost/blah. Is there any other way, maybe with the uri class to check if an url is pointing to the web?
Edit: I think I also need to prevent the user from entering adresses that would point to other machines on my network like this example: http://192.168.0.6/ or http://AnotherMachineName/
Try:
new Uri(#"http://stackoverflow.com").IsLoopback
new Uri(#"http://localhost/").IsLoopback
new Uri(#"c:\windows\").IsLoopback
We have an existing ASP.NET application (WebForms) that uses home-grown authentication. We've been tasked with implementing a single sign-on solution and have chosen to use WIF.
We have a single instance of the application running and we identify the client by using a subdomain (e.g. client1.ourapp.com, client2.ourapp.com, etc). In the application code we strip off the first subdomain and that identifies the client.
We've been working with a WIF proof-of-concept to figure out how to get the user redirected back to the correct subdomain once they've authenticated. The out-of-the-box behavior seems to be that the STS redirects the user to whatever realm is identified in the config file. The following is the PoC config file. I'm using my hosts file to fake different clients (i.e. 127.0.0.1 client1.ourapp.com, 127.0.0.1 client2.ourapp.com).
<federatedAuthentication>
<wsFederation
passiveRedirectEnabled="true"
issuer="http://ourapp.com/SSOPOCSite_STS/"
realm="http://client1.ourapp.com"
requireHttps="false" />
</federatedAuthentication>
Obviously this isn't going to work because we can't redirect everyone to the same subdomain.
We think we've figured out how to handle this but would like some outside opinions on whether we're doing it the right way or whether we just got lucky.
We created an event handler for the FAM's RedirectingToIdentityProvider event. In it we get the company name from the request URL, build a realm string using the company name, set the Realm and HomeRealm of the SignInRequestMessage, then let the FAM do its thing (i.e. redirect us to the STS for authentication).
protected void WSFederationAuthenticationModule_RedirectingToIdentityProvider( object sender, RedirectingToIdentityProviderEventArgs e )
{
// this method parses the HTTP_HOST and gets the first subdomain
var companyName = GetCompanyName();
var realm = GetRealm( companyName );
e.SignInRequestMessage.Realm = realm;
e.SignInRequestMessage.HomeRealm = companyName;
}
string GetRealm( string companyName )
{
return String.Format( "http://{0}.ourapp.com/SSOPOCSite/", companyName );
}
Does this seem like a reasonable solution to the problem?
Are there any problems we might experience as a result?
Is there a better approach?
Your solution sounds good (explicitly passing along the information you need), the only other solution that comes to mind is using Request.UrlReferrer to determine which subdomain the user came from.
I have a login page where user enters Username(textbox), Password(textbox), and location(dropdownlist) then login.
On the server page, for the location dropdonwlist I have a connection string to access SQL server database to get all locations from location table and bound the data to the dropdownlist.
For the dropdownlist.SelectedItem, What I want to do is that once user enters Username, onChange, the default location for the particular user should be the selected location before the user clicks Login. This default location is defined by locationID(FK) in the Login table which has loginId, username, password, and locationID as its columns. I want the process of retrieving locationID (accessing a DB table) to happen on the server side, then pass the locationID to the client side where I can call a function to select a default dropdownlist item according to the locationID. What's the way to accomplish this?? Thanks
Programming Language C#
Database SQL Server 2005
There are two ways to get this done: AJAX or Postback. AJAX would be the nicer way and postback would be the easier way, it's up to you really...
Both ways would take the username and run a query against the db to get the locationid and then select it from the dropdown.
Logically however this can be a security hole (unless running internally) where a hacker could generate random usernames and see if they return a valid location since a passwrod is not needed. Which leads me to question why you need to select a location if it's in the db already? You can just select it when validating the user...
Which is tied more closely to a 'location': the user or the computer?
If it's appropriate to pick a default location for a computer instead of a user,
you could consider using a cookie to store the default location. Some advantages:
No javascript required - Drop down default is selected by the server.
Single request - The cookie value is included in the GET request.
It would be relatively easy to implement with some caveats:
A cookie is scoped to the client computer's (windows) user account. If you have two users on the same computer (as same user) with different locations, then this isn't a good solution.
Sometimes browsers have cookies turned off.
I'd probably use jQuery, with a method that's triggered by onBlur for the username box. This method would call an AJAX method on your page to get the default Location ID from the database.
Depending on what version of .NET you're running you can either use AjaxPro or the ASP.NET AJAX Toolkit to expose public methods. (I've found AjaxPro to be a little easier to use).
Then it's just a matter of writing the jQuery:
(Very rough code here, I probably got a lot of things wrong. If you expose the method with the Ajax Toolkit)
function doSomething()
{
var username = $.("#textbox").val();
$.ajax({
type: "POST",
url: "default.aspx",
data: "username=" + username,
success: function(result){
// Select the proper option here based on the result
$.("#dropdown").val(result);
}
});
}
AjaxPro is a little different as it generates page JavaScript which you can call to get the result.
I would like to get the exact url that user typed into the browser. Of course I could always use something like Request.Url.ToString() but this does not give me what i want in the following situation:
http://www.mysite.com/rss
With the url above what Request.Url.ToString() would give me is:
http://www.mysite.com/rss/Default.aspx
Does anyone know how to accomplish this?
I have already tried:
Request.Url
Request.RawUrl
this.Request.ServerVariables["CACHE_URL"]
this.Request.ServerVariables["HTTP_URL"]
((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetServerVariable( "CACHE_URL")
((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetServerVariable( "HTTP_URL")
Edit: You want the HttpWorkerRequest.GetServerVariable() with the key HTTP_URL or CACHE_URL. Note that the behavior differs between IIS 5 and IIS 6 (see documentation of the keys).
In order to be able to access all server variables (in case you get null), directly access the HttpWorkerRequest:
HttpWorkerRequest workerRequest =
(HttpWorkerRequest)((IServiceProvider)HttpContext.Current)
.GetService(typeof(HttpWorkerRequest));
Remember too that the "exact URL that the user entered" may never be available at the server. Each link in the chain from fingers to server can slightly modify the request.
For example if I type xheo.com into my browser window, IE will be convert to http://www.xheo.com automatically. Then when the request gets to IIS it says to the browser - you really want the default page at http://www.xheo.com/Default.aspx. So the browser responds by asking for the default page.
Same thing happens with HTTP 30x redirect requests. The server will likely only ever see the final request made by the browser.
Try using Request.Url.OriginalString
Might give you the thing you are looking for.
It is possible, you just need to combining a few of the values from the request object to rebuild the exact url entered:
Dim pageUrl As String = String.Format("{0}://{1}{2}",
Request.Url.Scheme,
Request.Url.Host,
Request.RawUrl)
Response.Write(pageUrl)
Entering the address http://yousite.com/?hello returns exactly:
http://yousite.com/?hello
Request.RawUrl
I think is the monkey you are after...
Easiest way to do this is used client-side programming to extract the exact url:
<script language="javascript" type="text/javascript">
document.write (document.location.href);
</script>