2

I have encountered with a very peculiar for me thing. I started developing a Web site in Visual Studio 2010 and finished in 2012. It is VB.NET, framework 4.0. Throughout the Web site I use Request.ServerVariables("LOGON_USER"). Everything works as it should.

I recently started developing another Web site using 2012 from the beginning. What happens is Request.ServerVariables("LOGON_USER") does not return any value! It is simply empty! However, if I open this same application with Visual Studio 2010, it works!

Can anyone explain what is going on here and how do I fix it in VS2012? Thank you!

Nikita Silverstruk
  • 1,097
  • 1
  • 20
  • 42
  • Why are you using server variables? Use `User.Identity.Name`. – jrummell Mar 26 '13 at 19:16
  • Could you elaborate on the difference? Anyway, the same result... – Nikita Silverstruk Mar 26 '13 at 19:20
  • No need for magic strings, extensible API, etc. See http://www.asp.net/web-forms/tutorials/security/introduction/an-overview-of-forms-authentication-cs for an overview. – jrummell Mar 26 '13 at 19:30
  • Also, did you disable anonymous authentication? – jrummell Mar 26 '13 at 19:31
  • We use windows authentication. There is no anonymous by default if you are within our network... I use the same settings as the other Web-site, which works just fine... – Nikita Silverstruk Mar 26 '13 at 19:33
  • Anonymous authentication may be turned on by default in IIS. Have you checked? – jrummell Mar 26 '13 at 19:38
  • I have and it is off. I am thinking it may have something to do the IIS that VS2012 uses... It has its own IIS and runs it for the app... – Nikita Silverstruk Mar 26 '13 at 20:36
  • 1
    [This answer](http://stackoverflow.com/a/12109676/26226) may be helpful. – jrummell Mar 27 '13 at 12:25
  • If you will post this as an answer, I will accept it. The solution is close to the one they posted. In the Solution's properies window the Anonymous Authentication was set to Enabled and Windows Authentication was Disables. I Disabled the first one and Enabled the other... I've no idea why VS2012 did this exactly on this Web Site, though... – Nikita Silverstruk Mar 27 '13 at 17:20
  • possible duplicate of [IIS express applicationhost.config security is reset every time a solutions is opened in VS2012](http://stackoverflow.com/questions/12042144/iis-express-applicationhost-config-security-is-reset-every-time-a-solutions-is-o) – jrummell Mar 27 '13 at 17:23

1 Answers1

2

This problem occurs because the authentication-related variables in the ServerVariables collection are not populated if you use Anonymous Access security to access the .aspx page. This problem can also occur if you give the Anonymous user access in the section of the Web.config file.

To populate the LOGON_USER variable when you use any authentication mode other than None, you can deny access to the Anonymous user in the section of the web.config.

Just change the authentication mode in the Web.config file to anything other than None. For example, the following entry in the Web.config file sets the authentication mode to Forms-based authentication:

<authentication mode="Forms" />


<!-- To deny access to the Anonymous user in the Web.config file, use the following syntax: --!>

<authorization>
   <deny users = "?" /> <!-- This denies access to the Anonymous/unregistered user -->
   <allow users ="*" /> <!-- This allows access to all registered users -->
</authorization>

I'm not sure why this is different between VS 2010 & 2012, but this has happened to me before, and I used the above steps to remedy it. So as I said, just check your web.config file!

Hope this answers your question!

adaam
  • 3,700
  • 7
  • 27
  • 51
  • I've read this already, it doesn't help, unfortunately. I use Windows authentication but it does not matter, even changing it does not change anything. I use the same settings in the Web.config as my other app, which works in both 2012 and 2010... I am quite confused with this one. Maybe it has something to do that the app was created in 2012 instead of 2010? I don't really know what settings 2012 applie besides the one in web.config... – Nikita Silverstruk Mar 26 '13 at 19:27