Problems implementing role security (.Net 1.1)

I'm having a problem implementing role based security.  Here's my code:

 

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
		' Fires upon attempting to authenticate the use



		If Not HttpContext.Current.User Is DBNull.Value Then


			If HttpContext.Current.User.Identity.AuthenticationType = "Forms" Then


				Dim id As Web.Security.FormsIdentity = CType(HttpContext.Current.User.Identity, Web.Security.FormsIdentity)


				Dim ticket As Web.Security.FormsAuthenticationTicket = id.Ticket


				Dim userData As String = ticket.UserData

				Dim roles() As String = userData.Split(CChar(","))


				HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, roles)


			End If


		End If


    End Sub

 Here's the error I get:

Server Error in '/AVAT' Application.

Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

Line 48: 
Line 49: 
Line 50: 			If HttpContext.Current.User.Identity.AuthenticationType = "Forms" Then
Line 51: 
Line 52: 

Source File: C:\Inetpub\wwwroot\AVAT\Global.asax.vb    Line: 50

Stack Trace:

[NullReferenceException: Object reference not set to an instance of an object.]
   AVAT.Global.Application_AuthenticateRequest(Object sender, EventArgs e) in C:\Inetpub\wwwroot\AVAT\Global.asax.vb:50
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +60
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87


Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032

What the heck is wrong? I'm confused by it.  I got the line of code that is erroring out from a Microsoft MSDN page so I"m even more confused.

 

Thanks,

Michael

0
mjhoagland
6/27/2006 1:12:33 PM
asp.net.security 27051 articles. 1 followers. Follow

10 Replies
1269 Views

Similar Articles

[PageSpeed] 41
Get it on Google Play
Get it on Apple App Store

Try something like this...

 

If ((HttpContext.Current Is Nothing) OrElse _
(HttpContext.Current.User Is Nothing) OrElse _
(HttpContext.Current.User.Identity Is Nothing) OrElse _
(HttpContext.Current.User.Identity.AuthenticationType Is Nothing)) Then _

 'Authentication cannot be checked; so, assume the user is NOT authenticated.

Then

 'Authentication can be checked; so, check authentication here.

End If

 

 


http://www.NetBrainer.com
0
mkamoski
6/27/2006 1:37:52 PM

Thank.  It goes past the If structures and errors out on the next line.

Server Error in '/AVAT' Application.

Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

Line 51: 
Line 52: 
Line 53: 				Dim id As Web.Security.FormsIdentity = CType(HttpContext.Current.User.Identity, Web.Security.FormsIdentity)
Line 54: 
Line 55: 

Source File: C:\Inetpub\wwwroot\AVAT\Global.asax.vb    Line: 53

Stack Trace:

[NullReferenceException: Object reference not set to an instance of an object.]
   AVAT.Global.Application_AuthenticateRequest(Object sender, EventArgs e) in C:\Inetpub\wwwroot\AVAT\Global.asax.vb:53
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +60
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87


Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032

If I add the New keyword to id then I get an "end of statement expected" error from Visual Studio on my CType conversion.

0
mjhoagland
6/27/2006 1:45:50 PM
mjhoagland:

Thank.  It goes past the If structures and errors out on the next line...

OOPs.

That is my mistake.

The code that I originally posted was wrong. It had some "Not" keyworks that should have been removed and needed another tweak.

I just edited my post above.

Please try that new code... which looks like this...

If ((HttpContext.Current Is Nothing) OrElse _
(HttpContext.Current.User Is Nothing) OrElse _
(HttpContext.Current.User.Identity Is Nothing) OrElse _
(HttpContext.Current.User.Identity.AuthenticationType Is Nothing)) Then _

 'Authentication cannot be checked; so, assume the user is NOT authenticated.

Then

 'Authentication can be checked; so, check authentication here.

End If

 

Thank you.

-- Mark Kamoski


http://www.NetBrainer.com
0
mkamoski
6/27/2006 2:08:08 PM
mjhoagland:

Thank.  It goes past the If structures and errors out on the next line....

BTW, the problem may be deeper than it looks.

That is, it may be the case that one or more of those objects SHOULD be instantiated at that point.

One can workaround that case by testing for null and simply making an assumption of "not authenticated"; but, that may (or may not) address the deep issue. I do not know the answer to that question for your application.

To see what exactly is null and what is not, try this code...

If (HttpContext.Current Is Nothing) Then
 Throw New System.ApplicationException("HttpContext.Current Is Nothing")
Else
 'Continue.
End If

If (HttpContext.Current.User Is Nothing) Then
 Throw New System.ApplicationException("HttpContext.Current.User Is Nothing")
Else
 'Continue.
End If

If (HttpContext.Current.User.Identity Is Nothing) Then
 Throw New System.ApplicationException("HttpContext.Current.User.Identity Is Nothing")
Else
 'Continue.
End If

If (HttpContext.Current.User.Identity.AuthenticationType Is Nothing) Then
 Throw New System.ApplicationException("HttpContext.Current.User.Identity.AuthenticationType Is Nothing")
Else
 'Continue.
End If


http://www.NetBrainer.com
0
mkamoski
6/27/2006 2:16:02 PM

Ahh, yes.

HttpContext.Current.User is null.

I thought this was filled in automatically with at least a generic user.  How do I accomplish this?

0
mjhoagland
6/27/2006 3:51:17 PM

I changed it to check to see if HttpContext.Current.User is nothing and am trying to assign a generic user called "User" if it is.

Here's my code:

 
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
		' Fires upon attempting to authenticate the use




		If (Not HttpContext.Current.User Is Nothing) Then


			Dim id As Web.Security.FormsIdentity = CType(HttpContext.Current.User.Identity, Web.Security.FormsIdentity)


			Dim ticket As Web.Security.FormsAuthenticationTicket = id.Ticket


			Dim userData As String = ticket.UserData


			Dim roles() As String = userData.Split(CChar(","))


			HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, roles)


		Else


			Dim id As New System.Security.Principal.GenericIdentity("User", "Forms")


			Dim iID As System.Security.Principal.IIdentity = id


			Dim formsID As Web.Security.FormsIdentity = CType(iID, Web.Security.FormsIdentity)


			Dim ticket As New Web.Security.FormsAuthenticationTicket(1, "User", Now, Now.AddMinutes(30), False, "Public")


			Dim userData As String = ticket.UserData


			Dim roles() As String = userData.Split(CChar(","))


			HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(iID, roles)


		End If


    End Sub

 But for some reason it errors when I convert the type of iID from IIdentity to FormsIdentity.

Server Error in '/AVAT' Application.

Specified cast is not valid.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidCastException: Specified cast is not valid.

Source Error:

Line 73: 
Line 74: 
Line 75: 			Dim formsID As Web.Security.FormsIdentity = CType(iID, Web.Security.FormsIdentity)
Line 76: 
Line 77: 

Source File: C:\Inetpub\wwwroot\AVAT\Global.asax.vb    Line: 75

Stack Trace:

[InvalidCastException: Specified cast is not valid.]
   AVAT.Global.Application_AuthenticateRequest(Object sender, EventArgs e) in C:\Inetpub\wwwroot\AVAT\Global.asax.vb:75
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +60
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87


Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032

From what I've seen in multiple tutorials, this conversion should work but it obviously doesn't.

 

Any more help you can give it appreciated.

 

Thanks.

0
mjhoagland
6/27/2006 4:11:24 PM
mjhoagland:

I changed it to check to see if HttpContext.Current.User is nothing and am trying to assign a generic user called "User" if it is....

Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032

From what I've seen in multiple tutorials, this conversion should work but it obviously doesn't.

 

Any more help you can give it appreciated.

It looks like your Framework Version is 1.1, as noted above.

I think that it should be 2.0, shouldn't it?

Maybe that cast is only valid in DotNet 2.0?

What version of DotNet do they use in the tutorials?

Also-- what tutorials? Do you have any links?

I really do not know why that cast fails-- but, my guess is that it might be a DotNet 2.0 thing.

Just a guess.

HTH.

Thank you.

-- Mark Kamoski


http://www.NetBrainer.com
0
mkamoski
6/27/2006 5:14:01 PM

I changed my Framework version to 2.0 and this insted:

Server Error in '/AVAT' Application.

Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'.

Source Error:

Line 73: 
Line 74: 
Line 75: 			Dim formsID As Web.Security.FormsIdentity = CType(iID, Web.Security.FormsIdentity)
Line 76: 
Line 77: 

Source File: C:\Inetpub\wwwroot\AVAT\Global.asax.vb    Line: 75

Stack Trace:

[InvalidCastException: Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'.]
   AVAT.Global.Application_AuthenticateRequest(Object sender, EventArgs e) in C:\Inetpub\wwwroot\AVAT\Global.asax.vb:75
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64


Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42

Puzzling, I'm going to look for those tutorials again.

0
mjhoagland
6/27/2006 5:32:58 PM
Haha, I figured it out.  In going back through my tutorials I found one from 4guysfromrolla.com that didn't check the state of HttpContext.Current.User.  Instead, they check for Request.IsAuthenticated and everything works fine.  Thanks for your time!
0
mjhoagland
6/27/2006 5:51:49 PM

mjhoagland:
Haha, I figured it out.  In going back through my tutorials I found one from 4guysfromrolla.com that didn't check the state of HttpContext.Current.User.  Instead, they check for Request.IsAuthenticated and everything works fine.  Thanks for your time!

Oh.

I see.

That would make a difference, I suppose.

I am glad that you found an answer.

Thank you.

-- Mark Kamoski


http://www.NetBrainer.com
0
mkamoski
6/28/2006 3:21:34 PM
Reply:

Similar Artilces:

Problems while porting .Net framework 1.0 (VB.Net) application to .Net Framework 1.1
Hello,   I have a ASP.Net web application,written in VB.Net,developed on .Net Framework 1.0 .I am trying to port it on to .Net framework 1.1.   For achieving this,I follow the following steps-   1.Open the project using the .vbproj file. 2.I am prompted with the conversion message "Do you want to convert the solution and all projects to .Net framework  1.1....." 3.I click "Yes" 4.I assume that the project is now converted. 5.I build the project & try to run it. 6.I get the following error -     Server Error in '/Consert.Net' Application. ...

Differences between .net 1, .net 1.1, .net 2.0 and .net 3.0
Hi, This seems to be a common question, but i havent got an answer yet:(Can, any one please explain me the differences between these versions.If you keep your feet firmly on the ground, you'll have trouble putting on your pants! Have a look into this links http://en.wikipedia.org/wiki/.NET_Framework http://blogs.msdn.com/mohammadakif/archive/2006/12/03/net-3-0-different-versions-of-the-net-framework.aspx http://www.codeproject.com/aspnet/ComparisonASP1xASP20.aspAshok Rajawww.iGold.inDon't forget to click "Mark as Answer" on the post that helped you. This credits that m...

WS-Security with VS.NET 2005 Web Service and .NET 1.1 Client
We ship a webservices client piece into the field which is required to run on the .NET 1.1 version of the framework, this is defined by our business people and cannot change. We would like to work with .NET 2.0 in VS.NET 2005 for the backend Web Service piece. We are able to get the 2 to communicate fine and it is not a problem. The issue now is that we need to introduce security through WS-Security. I have not been able to find much information about interop between the 2 environments and WS-Security and cannot get the security elements to be invoked in VS.NET 2005. Currently we are trying ...

Differences between .net 1, .net 1.1, .net 2.0 and .net 3.0 #2
Hi, This seems to be a common question, but i havent got an answer yet:(Can, any one please explain me the differences between these versions.If you keep your feet firmly on the ground, you'll have trouble putting on your pants! There are too many differences for one email - - from 1.0 to 1.1 (not a whole lot of real change, other than fixes, at least compared to 1.1 to 2.0) With 2.0, there were many new declarative controls, with many new ideas added in With 3.0, it's a superset of 2.0 - instead of replacing the installation completely, it just 'added on' new functionality - I would...

is .net framework 1.1 same as .net framework SDK 1.1
is .net framework 1.1 same as  .net framework SDK 1.1 Basically Framework 1.1 of .NET includes the Sofware Development Kit (SDK) 1.1 http://www.microsoft.com/downloads/details.aspx?FamilyID=9b3a2ca6-3647-4070-9f41-a333c6b9181d&displaylang=en Regards,Vinz"Code, Beer and Music" that's my way of being a programmer!How to get your Forum Question Answered | Blog | CodeASP.NET I think .net framework 1.1 is just the runtime library to view .net 1.1 programs.  the .net framework SDK 1.1 one is the actual development library used to create them.   Eri...

.Net 1.1 security question.
I think this might be odd to ask this quetion while microsoft has already released the .Net 3.0. But I've no other option. If I don't ask I'll never know. So, here is my question. I'm experimenting with role based authorization with Form authentication in .Net 1.1. I cann't understand one behaviour. When I log in and go to the desired page and then I closed the browser without loggged out and again I reopen the brower and try to access the same page, it does not ask for password. But after waiting for say 2 to 3 minutes if I open the browser and try to access the page, it redirects me to ...

.net 1.1 security fix 928366
Last tuesday's fixes contained SP1 for framework 1.1 (KB928366). It seemed to install OK but shortly after reboot the notification for availabiliy of this fix popped up again. Tried download and installation again, same result. So I manually downloaded the fix NDP1.1sp1-kb928366- x86.exe. Execution of this fix did nothing either. So I tried to reinstall the complete 1.1 package which I downloaded again. Installation did not succeed because framework was already installed and would have to be uninstalled first. Uninstallation of the software did not work either because I do n...

Problem with Project Migrating from .net 1.1 to .net 2.0
Hi i am working in .net 1.1 and i am working on a web service. it 's working fine in .net 1.1 with vs2003 but when i migrated my WS from .net 1.1 to .net 2.0 i am getting System.FormatException while converting datetime from string using DateTime.Parse method. it was not happening earlier when i was using .net 1.1. My WS converted from vs2003 to vs2005 using a wizard and it doesn's shows a single error.   i did lots of googling on this issue but didnot gets any help , so any reply in the matter will be highly appericiable.  thanks vishal sharma vishalsharma808...

CrystalReportViewer problem after converting from .NET 1.1 to .NET 2.0
After converting my web aaplication project from .NET 1.1 to .NET 2.0, I am getting the following error when trying to run reports (and even in the VS 2005 designer):The base class includes the field 'crvBCSOnHandReport', but its type (CrystalDecisions.Web.CrystalReportViewer) is not compatible with the type of control (CrystalDecisions.Web.CrystalReportViewer)Has anybody else had this problem after converting?Thanks,Sacha...

.NET 1.1 SP 1 causing problem
In one of my pages I read the date of a file that is located on a file server. Before I loaded SP 1 it worked fine, but now that SP 1 is loaded I get this error when trying to access the file: System.IO.IOException: Logon failure: unknown user name or bad password. Hi there, Are you impersonating a domain user for access to the file server, or is the app running as a user with access to the file server? Check to make sure all your usernames, passwords, ACLs, etc are in order.--Brian DesmondWindows Server MVP - Directory Serviceshttp://www.briandesmond.com I was able to fix it. I fo...

best method to migrate from .net 1.0 to .net 1.1
hi, i have windows xp pro running iis 5.1. i have an intranet site running under iis. i made this site using VS.NET 2002 under .NET framework 1.0.3705. Now i want to upgrade me .NET frame work to version 1.1. , but i still want to use VS.NET 2002 for programming and maintaining the site. How do i do this without the upgrade affecting my already deployed website. A step by step procedure to migrate from version 1.0.3705 to version 1.1 would be quite helpful. Thanks in advance, Raja. Hi, There is an article on this, right on this site. Check this Hope it hel...

.NET 1.0 books and .NET 1.1 books. Does it matter ??
Hello, I want to buy a book that is good to learn asp.net. I have seen some good books on ASP.NET in the book store, but some of them are for .NET 1.0 and not the current 1.1. Does it make that big of a difference if the asp.net book is 1.0 and not 1.1 ???? Someone please help me as I have to do quite a bit of driving to go review and purchase a book. I need to leave in about an hour so if someone know the answer, please respond, asap. Sincerely, Amy Daynou Amy- The changes are small enough that you won't see much, if any difference. This doesn't apply as much if you're ...

best practices to migrate from .net 1.0 to .net 1.1
hi, i have windows xp pro running iis 5.1. i have an intranet site running under iis. i made this site using VS.NET 2002 under .NET framework 1.0.3705. Now i want to upgrade me .NET frame work to version 1.1. , but i still want to use VS.NET 2002 for programming and maintaining the site. How do i do this without the upgrade affecting my already deployed website. A step by step procedure to migrate from version 1.0.3705 to version 1.1 would be quite helpful. Thanks in advance, Raja. Well, at least take a look at this doc about running v1.0 and 1.1 side-by-side h...

Another Session ID problem from .net 1.1 to .net 2.0
My application was written with .net 1.1 and now I'm trying to convert to 2.0.  I have a java control that streams data to an aspx page to accomplish multi-select file upload (All works well in 1.1). However, with 2.0 the .aspx page that receives the files cannot locate the user in session.  When I checked the session id it is different between a normal request and the java request, which is generated from a java applet located on the page from the same site. ASPX Snippet: //Set the session parameter    System.Web.SessionState.HttpSessionState session = S...

Web resources about - Problems implementing role security (.Net 1.1) - asp.net.security

Implementing Recommendations of the 9/11 Commission Act of 2007 - Wikipedia, the free encyclopedia
Passed the House on January 9, 2007 (299-128 Roll call vote 015 , via Clerk.House.gov) Reported by the joint conference committee on July 25, ...

Implementing New Ideas Quickly - YouTube
Featuring: Mike Masnick, TechDirt http://www.techdirt.com Any mention of products or services by video personalities does not imply any partnership ...


Iran, U.S., EU begin implementing historic nuclear deal
Iran unplugged banks of centrifuges involved in its most sensitive uranium enrichment work on Monday, prompting the United States and European ...

Iraq to talk with Syria on implementing AL deal
Iraq on Thursday agreed with the Arab League (AL) to try to convince Syria to implement the bloc's initiative in a bid to avoid economic sanctions ...

Iran says differences over implementing nuclear deal solved: negotiator
Montreal Gazette Iran says differences over implementing nuclear deal solved: negotiator People's Daily Online Global TimesChinadaily.com.cn ...

China, Kazakhstan to enhance cooperation by implementing Silk Road initiative
China, Kazakhstan to enhance cooperation by implementing Silk Road initiative

Guess? exec says company saw immediate improvements after implementing iPads in stores
BusinessInsider pointed us to an interview on OpenForum with CIO of clothing retailer Guess?, Michael Relich. The company implemented iPads for ...

Sheriff Joe Arpaio: MCSO implementing 'patriotic' campaign with US flag at each cell
The Maricopa County Sheriff’s Office announced it started a campaign to display U.S. flags on every cell among its jails. Any vandalism will ...

Implementing An Employee Wellness Program? Be Careful – The EEOC Is Interested
According to recent studies, over 90% of employers offer some type of wellness incentives to their employees. This is a significant jump from ...

Resources last updated: 12/19/2015 4:12:35 PM