Last post Jun 23, 2018 10:54 AM by k00tje
Jun 22, 2018 08:20 AM|k00tje|LINK
I've created a simple webform that collects some data entered by the user and insert that in a SQL database.
To identify the user i've used this:
public static string curruser = (System.Security.Principal.WindowsIdentity.GetCurrent().Name).Replace("domainname\\","");
This works flawless untill the form is used by multiple users.
The first user that uses the form seems to "claim" the identity.
When other users connect they are shown as the one that was using the form the first time and all entries in my databases are logged with the same first user.
This also applies when the first user already closed the form.
I tried HttpContext.Current.User.Identity.Name as an alternative, but that gave me the same problem.
Can anyone point me in the right direction ? Is this a IIS thing (V 8.5) or code related ?
Jun 22, 2018 04:26 PM|PatriceSc|LINK
You are using public static string curruser which means you have a SINGLE curruser string
shared by all users. Using a static class or method is ok. The problem is just with static data (you could turn curruser into a static property shortcut that will just return User.Identity.Name).
In short keep in mind, especially if you are used to writing desktop applications, that a web application is basically a single application used by multiple users at the same time.
Avoid System.Security.Principal.WindowsIdentity.GetCurrent().Name as what is returned dépends on how the site is configured (technically speaking this is the account Under which the code runs which can be but not necessarily the same than the authenticated
user, User.Identity.Name is ALWAYS the authenticated user).
Jun 23, 2018 10:54 AM|k00tje|LINK
Did this the trick.
I'm no pro developer (small IT dep and doing everything) and indeed so far I only did make desktop applications.
Many, many thanks for you clear explanation !