MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

Quick easy way to pull a username by guid ?  (Mono Support )

Viewed 16208 time(s), 8 post(s) 3/22/2012 6:44:38 PMby shawndg
shawndg

shawndg

3/22/2012 6:44:38 PM
Hello guys..

I have the following code and it pretty much works for pulling logged in user all the time but the problem is it pulls their guid..

public Guid GetMyGuid()
{
Guid MyGuid = Guid.Empty;
MyGuid = SecurityUtility.GetUserId();
return MyGuid;
}

Now I want to also have a function like this..

public string GetMyUserName()
{
//but i cant seem to find anything in securityutility to return the username from a guid ?
}
This content has not been rated yet. 
1871 Reputation 252 Total posts
shawndg

shawndg

3/22/2012 7:07:17 PM
Ok well

public string GetMyUserName()
{
Guid MyGuid = Guid.Empty;
string MyUserName = string.Empty;

MyGuid = SecurityUtility.GetUserId();

if (MyGuid != Guid.Empty)
{

}

return MyUserName;
}


Think I need to add the Monox User Api User adepter but cant seem to get it to work..
Any way you guys can please help me out..

Thanks,

This content has not been rated yet. 
1871 Reputation 252 Total posts
mzilic

mzilic

3/22/2012 7:12:35 PM
Hello,

May I recommend that you try to use a code sample below to fetch the username of the currently logged in user:
HttpContext.Current.User.Identity.Name
Regards
This content has not been rated yet. 
2218 Reputation 300 Total posts
shawndg

shawndg

3/23/2012 1:42:15 PM
Hi Mzilic,

Is this secure ?

HttpContext.Current.User.Identity.Name ?

Like I would assume the security gui part ?

Because I am saving information into my file structure..

For all my own parts i mainly used guid, but for this part I want it to save into the users profile location.
ROOT\Upload\user\X

This code is to be used to fill in X..
This content has not been rated yet. 
1871 Reputation 252 Total posts
shawndg

shawndg

3/23/2012 1:51:33 PM
I just took your ides and wrapped it around my MonoX security to secure it..

Take a look,

do I need to use this method or is there maybe a better way .. ?

public string GetMyUserName()
{
Guid MyGuid = Guid.Empty;
string MyUserName = string.Empty;

MyGuid = SecurityUtility.GetUserId();

if (MyGuid != Guid.Empty)
{

//check to see if logged in gui matches indenity of given user identity string.
Guid DbGuid = SecurityUtility.GetUserId(HttpContext.Current.User.Identity.Name);

if ((DbGuid == MyGuid) & (DbGuid != Guid.Empty))
{
MyUserName = HttpContext.Current.User.Identity.Name;
}
else
{
MyUserName = string.Empty;
}

}

return MyUserName;
This content has not been rated yet. 
1871 Reputation 252 Total posts
mzilic

mzilic

3/23/2012 3:16:09 PM
Hello,

Using the code which I mentioned is secure, it is also used internally by SecurityUtility.

Regards
This content has not been rated yet. 
2218 Reputation 300 Total posts
shawndg

shawndg

3/24/2012 11:27:51 AM
So If i change my function too.


public string GetMyUserName()

{
MyUserName = HttpContext.Current.User.Identity.Name;
}

then this is just as secure as the function above ?
I am just worried about the whole HttpContext deal here..

Like is this information available in a cookie or somewhere else that it can be easily edited via firefox plugin or hard code..
Is there any way for a user to open this object and modify the client side string ?

HttpContext scares the hell out of me as web programmer..
Maybe its just the name...

I would be interested to know more about how this function actually works before removing the code i wrote before that I think is more secure but more work on the system.


This content has not been rated yet. 
1871 Reputation 252 Total posts
denis

denis

3/24/2012 8:50:36 PM
Hi Shawn,
you don't have to avoid using it - it is secure as it can be in the context of Web programming. The client-side thing you are referring to is actually the authentication cookie - a container for the forms authenticatiion ticket: http://support.microsoft.com/kb/910443 HttpContext is a server-side mechanism that appears frequently in most ASP.NET apps - for more details, check http://stackoverflow.com/questions/787143/where-does-web-httpcontext-current-user-identity-name-come-from
This content has not been rated yet. 
7207 Reputation 956 Total posts