12

I have a script file that makes a call to JSON API, and I need to send the current login username as part of the call. I tried the following :-

    $(document).ready(function () {
        var name = prompt("Please enter your packageid", "test");

        var fullurl = 'http://localhost:8080/jw/web/json/workflow/process/list?j_username=kermit&hash=9449B5ABCFA9AFDA36B801351ED3DF66&loginAs=' + HttpContext.Current.User.Identity.Name + 'packageId=' + name;
        $.ajax({
            type: "GET",
            url: fullurl,
            dataType: "JSONP",
            success: function (result) {
//code goes here

But it will raise the following error:- 'HttpContext' is undefined

veer7
  • 20,074
  • 9
  • 46
  • 74
John John
  • 1
  • 72
  • 238
  • 501

6 Answers6

20

Your script is looking for a Javascript variable called HttpContext Your code should be

@HttpContext.Current.User.Identity.Name

in Razor

so the javascript becomes

 var fullurl = 'http://localhost:8080/jw/web/json/workflow/process/list?j_username=kermit&hash=9449B5ABCFA9AFDA36B801351ED3DF66&loginAs=@HttpContext.Current.User.Identity.Name&packageId=' + name;

You're also missing and & between the user name and packageId if you intended for them to be separate variables

Edit: based on your comment and this being inside of a js file (which I guess I missed in the OP)

Two options:

  1. Is to hold the username inside a variable on the page calling the script file. Like this:

Page

<script>
var usrName = "@HttpContext.Current.User.Identity.Name";
</script>

JS file

....&loginAs='+ usrName + '&packageId=' + name;

Option Two is to not include the username at all and just get it from the Action. This is only an option if the page you're posting to is on the same app

Eonasdan
  • 7,563
  • 8
  • 55
  • 82
  • you mean i should write the javascript inside the razor and not inside the Scripts folder.?. – John John Oct 10 '12 at 13:19
  • @johnG, yes, that's what he means. – Mario S Oct 10 '12 at 13:22
  • then there is no way to get the username from inside my .js file? – John John Oct 10 '12 at 13:23
  • @Eonasdan but how i can pass the variable to the script,, i do not think it will work if i write in my razor view. can you post a complete code -if possible- – John John Oct 10 '12 at 20:18
  • did you try it? because I do that all the time. As long as `var usrName` comes **first** - **before** the `.js` file it will work – Eonasdan Oct 10 '12 at 20:29
2
$(document).ready(function () {
    var name = prompt("Please enter your packageid", "test");

    var fullurl = 'http://localhost:8080/jw/web/json/workflow/process/list?j_username=kermit&hash=9449B5ABCFA9AFDA36B801351ED3DF66&loginAs=' + <%= HttpContext.Current.User.Identity.Name %> + 'packageId=' + name;
    $.ajax({
        type: "GET",
        url: fullurl,
        dataType: "JSONP",
        success: function (result) {

the above code should work, on the javascript front you will not have access to HTTPContent object which is available only on the server, but putting them in a server code you should be able to access the same.

or you can have a hidden control with the value set from the server

<input type='hidden' id='uid' runat='server'>

server code would look like

uid.value = HTTPContext.Current.User.Identity.Name;
Chandra Sekhar Walajapet
  • 2,534
  • 17
  • 24
  • i strongly suggest you relook at passing user id as a parameter, its not a suggested practice. – Chandra Sekhar Walajapet Oct 10 '12 at 13:24
  • why but how i can integrate with other system instead ?, as i am sending a API request to return JSON from another application. so i have to send the username in my request. – John John Oct 10 '12 at 13:34
  • at first please let me know the answer i gave works for you :) , second you should look at passing a token instead of exposing your userid, where the token should be generated on your server side. – Chandra Sekhar Walajapet Oct 10 '12 at 13:37
  • thanks for your alert, but the web service i am integrating with expect a loginAs parameter to make the call, and it does not have a parameter for the token. baring in mind that i do not own the system i am integrating with.. any suggestions.? – John John Oct 10 '12 at 13:41
  • is there a possibility for you to do an AJAX call to your server and your server gets the required info for you ? by that you would not be exposing your user id to the external world. using a WebRequest Class get WebResponse ? – Chandra Sekhar Walajapet Oct 10 '12 at 13:43
  • to make things clearer. What i am doing is that i have an engine that have JSON APIs , and what i am currently doing is that i am building an asp.net mvc web application on-top-of the engine. and the user how will login to the asp.net web application should already been registered in the engine itself . second point is that to be able to get the json results from the engine i have to pass the username (loginas) so that the engine will check his validity ,, so i am not sure if i have another approach rather than exposing the username? best regards – John John Oct 10 '12 at 13:49
  • well in your case i see your JSON API is http://localhost:8080/jw/web/json/workflow/process/list instead of calling it from the javascript, you will call this on your server via AJAX and all those APIs which do not need some sensitive information you can call it from the client using javascript – Chandra Sekhar Walajapet Oct 10 '12 at 13:54
  • i understand you, but is there a demo explaining how i an call the API from the server and not using java script, in my asp.net mvc web applications? – John John Oct 10 '12 at 13:57
  • I investigate your reply regarding using a token instead of passing the user name. now in my API call i am using two parameters representing a master login credential for the API "j_username=kermit&hash=9449B5ABCFA9AFDA36B801351ED3DF66", so i think these two parameters are being used a tokens, OR i am missing something? – John John Oct 11 '12 at 07:54
  • well this is atleast clear that you dont use loginas ... provides you first layer to security! – Chandra Sekhar Walajapet Oct 11 '12 at 11:48
  • you mean i should not use LoginAS parameter and instead to hash its value? – John John Oct 11 '12 at 12:50
  • you already did a good job of replacing the loginas with a hash! though there are many hash refactors, this atleast provides a first layer of security – Chandra Sekhar Walajapet Oct 11 '12 at 12:52
1

You can use just User.Identity.Name that's derived from System.Web.WebPages.WebPageRenderingBase (that means the code should be in a View-file). You can't access server-side code directly in script-files.

 $(document).ready(function () {
        var name = prompt("Please enter your packageid", "test");

        var fullurl = 'http://localhost:8080/jw/web/json/workflow/process/list?j_username=kermit&hash=9449B5ABCFA9AFDA36B801351ED3DF66&loginAs=@User.Identity.Name&packageId=' + name;
        $.ajax({
            type: "GET",
            url: fullurl,
            dataType: "JSONP",
            success: function (result) {
//code goes here
Mario S
  • 11,715
  • 24
  • 39
  • 47
  • this will raise "Microsoft JScript runtime error: 'User' is undefined" error. – John John Oct 10 '12 at 13:15
  • as I suggest you need to make Razor render this into your javascript instead of asking javascript for it – Eonasdan Oct 10 '12 at 13:18
  • Is the script in a view or a js-file? – Mario S Oct 10 '12 at 13:19
  • in a separate script file under the Scripts folder, and i am just calling this script file in my razor. – John John Oct 10 '12 at 13:22
  • @johnG Then you should put this code in a script-tag in say your _layout.cshtml file or other view-file. – Mario S Oct 10 '12 at 13:24
  • sorry but this is not the best way to do this. moving the script file into the view will not allow for catching or easy reference later. – Eonasdan Oct 10 '12 at 13:41
  • @Eonasdan Actually, *best way* depends on what the user needs, the complexity and maintainability, of course, but I would probably also do it in a similar way you have in your answer. – Mario S Oct 10 '12 at 14:22
1

You will have to set a javascript variable in your view (.cshtml) using razor and then use this in your script file (.js)

So in your view:

<script type="text/javascript">    
            var userName = '@HttpContext.Current.User.Identity.Name';            
</script>

and then your script file

   var fullurl = '....loginAs=' + userName  + 'packageId=' + name;
dove
  • 20,469
  • 14
  • 82
  • 108
  • thanks for the reply, but what you mean by "to set a javascript variable in your view". i did not perform such thing before? – John John Oct 10 '12 at 13:16
  • updated answer, Razor will not be interpreted by compiler in your .js files but it will in your .cshtml files. Thus have the above script in your view and then use userName in your script – dove Oct 10 '12 at 13:19
1
    @User.Identity.Name

You can directly access user identity in script section by prefixing @

    @User.FindFirst(ClaimTypes.NameIdentifier).Value

also a good option.

user2315057
  • 11
  • 3
0

var usrName = '<%=@HttpContext.Current.User.Identity.Name%>'

Annia Martinez
  • 2,442
  • 1
  • 12
  • 9