0

Following this blog and this answer, I'm obtaining the user's name (which seems to be the correct one). However, when I make the call as follows, I get null.

MembershipUser uno = Membership.GetUser(); //null
MembershipUser duo = Membership.GetUser(User.Identity.Name); // null
bool           tri = User.Identity.IsAuthenticated; // true
string         qua = User.Identity.AuthenticationType; // "ApplicationCookie"

The user is definitely in the DB and I used the standard registration module in the MVC.NET template. Because of the requirements elsewhere, I need to produce the actual guid and can't use the user's name.

This is a part of my Web.config, which I suspect might be of relevance. I'm not big on security issues.

<system.web>
  <authentication mode="None" />
  <compilation debug="true" targetFramework="4.5.2" />
  <customErrors mode="Off"></customErrors>
  <httpRuntime targetFramework="4.5.2" />
</system.web>
<system.webServer>
  <modules>
    <remove name="FormsAuthentication" />
  </modules>
</system.webServer>
Community
  • 1
  • 1
Konrad Viltersten
  • 36,151
  • 76
  • 250
  • 438
  • based on the link that you provided and the code you posted where are you ever getting the Guid for example `Guid guid = (Guid)Membership.GetUser().ProviderUserKey;` – MethodMan Jan 06 '16 at 20:57
  • @MethodMan Not sure if I follow your question. The two first objects are *null*, so it's impossible to get any value from the property *ProviderUserKey*. – Konrad Viltersten Jan 06 '16 at 20:58
  • if you follow the example from the blog link not sure why it's not working for you do you have the Membership setup correctly what's you .config look like [MSDN Membership Class](https://msdn.microsoft.com/en-us/library/system.web.security.membership.aspx) – MethodMan Jan 06 '16 at 21:01
  • @MethodMan Security issues like this is my weak spot. I'm not sure what to look for in the config file. I have nothing about membership, that's for sure. – Konrad Viltersten Jan 06 '16 at 21:05
  • the link provide gives an example on how to setup the entry in the config file – MethodMan Jan 06 '16 at 21:06
  • @MethodMan I'm trying to follow the example. They show how to set up a membership provider for SQL. How do I set it up for an APN.NET site? It might be very simple but keep in mind that when it comes to security issues like this, I'm a total noob and might be missing obvious things due to confusion and ignorance... – Konrad Viltersten Jan 06 '16 at 21:12

1 Answers1

0

First, since you're using the security from the template, you don't have to use Membership. What you need to get is the right type of identity by casting it to ClaimsIdentity. Then, you have access to all the claims for that user.

There's a method for obtaining the name and guid of the current user and you can let intellisense guide you. However, there's much more to the security issue to consider, so if you're curious, keep reading.

There are claims of role, user id, security provider etc. Since all those are collected in a single list, you need to filter out those that are appropriate in your case. As help, you have string fields, e.g. RoleClaimType and NameClaimType for the commonly requested claims.

var identity = User.Identity as ClaimsIdentity;
var roles = identity.Claims
  .Where(c => c.Type == identity.RoleClaimType)
  .Select(c => c.Value);

Also, note that in basic cases (with a single identity for claims), there's ClaimsPrincipal that's more recommneded to apply (it also has Claims property).