2

In the web.config:

<configuration>
    <authentication mode="Windows">
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
</configuration>

in global.asax

protected void Application_AuthenticateRequest(object sender, EventArgs args)
{
    tracker.LogRequest(HttpContext.Current.User, DateTime.Now)
    ///THIS IS ALWAYS NULL!!!
}

I am just really confused by this, any ideas?

lostinplace
  • 1,538
  • 3
  • 14
  • 38

1 Answers1

3

I think this is a symptom of listening on the wrong event. You should probably listen for Application.PostAuthenticateRequest.

Running a sample piece of code using a project I have that authenticates against my local domain's Active Directory to ask if the User object is nothing:

Code

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    Debug.WriteLine("Authenticate Request: " & (HttpContext.Current.User Is Nothing))
End Sub

Sub Application_PostAuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    Debug.WriteLine("Post-authenticate Request: " & (HttpContext.Current.User Is Nothing))
End Sub

Output

Authenticate Request: True

Post-authenticate Request: False

Following the PostAuthenticateRequest event, the HttpContext.Current.User.Identity property is an instance of System.Security.Principal.GenericIdentity for unauthenticated requests.

lsuarez
  • 4,952
  • 1
  • 29
  • 51
  • oddly any attempt to hook into PostAuthenticateRequest yields a "Object reference not set to an instance of an object. " in [NullReferenceException: Object reference not set to an instance of an object.] System.Web.PipelineStepManager.ResumeSteps(Exception error) +1116 System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) +89 System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +189 – lostinplace Dec 23 '11 at 19:25
  • I don't think is the source of the problem though since this code has worked on one of my workmate's PCs – lostinplace Dec 23 '11 at 19:26
  • Not according to a brief bit of testing I've done. Unauthenticated contexts do not have User objects until after the post-authenticate event. See the above code and results. – lsuarez Dec 23 '11 at 19:38
  • hmmm, sounds good, although I still can't hook into postauthenticate without a crash. – lostinplace Dec 23 '11 at 19:58
  • Are you being alerted that there is no code associated with the exception? Also, (and this is a bit of a shot in the dark), does your global.asax prototype follow the convention: `void Application_PostAuthenticateRequest(object sender, EventArgs e)`? – lsuarez Dec 23 '11 at 20:00
  • please be aware this is authorize checking in then Authenticate section, you should wait check user in AuthorizeRequest (next in the pipeline) – Choco Smith Jan 10 '14 at 14:47