I am using Windows Authentication on a website where users create reports that are stored in a database. When I save a report, I want to know which user filled it out, so I have been storing the SecurityIdentifier of their WindowsIdentity in the database to identify which user filled out the report. Here is the code I use to get the SecurityIdentifier value for the current Windows user:
public static string GetCurrentUserSID()
{
IPrincipal princ = HttpContext.Current.User;
WindowsIdentity winId = princ.Identity as WindowsIdentity;
SecurityIdentifier si = winId.User;
string securityIdentifierValue = winId.User.Value;
return securityIdentifierValue;
}
Questions
Am I doing the right thing by storing the SecurityIdentifier in the database instead of username or some other value? What is the best practice to follow in this sort of situation?
How can I get the user’s username from the SecurityIdentifier value I have stored?
Should contain the username:
HttpContext.Current.User.Identity.Name
Related
Hi I'm trying to display the logged in username in a text field. Before I started using parse I would simply say let Account = NSUserDefaults.standardUserDefaults().stringForKey("userName") then say self.textfield.text = "Account: " + Account!).
Now that I'm using Parse and my username is stored in a server I'm not sure how to access the string that would be the username so I can use it in a label
Please help. Thanks
Assuming everything else is set up correctly, you should be able to use PFUser.currentUser().username.
I'm building username/password authentication for a flask app. When the user signs up, I store the username and password in a mongodb document.
This is my User model:
class User():
def __init__(self, userid=None,username=None,password=None):
self.userid= userid
self.username = username
self.password = generate_password_hash(password)
def __repr__(self):
return '<User %r>' % self.username
def is_authenticated(self):
return True
def is_active(self):
return True
def is_anonymous(self):
return False
def get_id(self):
try:
return unicode(self.userid)
except NameError:
return unicode(self.userid)
I'm using the werkzeug library methods generate_password_hash and check_password_hash to generate/check the password, respectively.
This is my code for dumping user data into mongodb:
def db_dump(data):
k = {'username':data.username,'password':data.password}
db.users.insert(k,True)
And this is my code for retrieving user data by username:
def find_by_username(username):
data = self.db.users.find_one({'username': username})
user = User(userid=unicode(data['_id']),username=data['username'],password=data['password'])
return user
Here's my problem. Let's say I have a user 'jon' that has a password 'abcd'. When I run the code to check the password hash for a new user thru the console, it works fine:
>> check_password_hash(generate_password_hash('abcd'),'abcd')
True
However, after 'jon' has signed up and his info has been dumped into the database, on a subsequent login attempt in which I have to retrieve the hashed password from the database, the checking doesn't work:
>>check_password_hash(find_by_username('jon').password,'abcd')
False
Any idea as to why this is happening? After some googling my first instinct is that maybe I need to store or retrieve the hash password in mongodb in a different way, since it seems like it's being stored as a string. Any ideas?
I believe the issue is that you are double-hashing the password when you instantiate the User object in your find_by_username method. That method grabs the info from the DB which would contain the hashed password. Then, it creates a User object with that data. The User object calls generate_password_hash during its __init__ method. So, the password is being double-hashed and therefore failing the check_password_hash check.
You might consider moving the password hashing to a function that is called when the User object is saved to the DB. You'd want to detect if the password has changed or not so you aren't repeatedly rehashing the password. There are likely other ways to handle this as well, but in short, you might want to move the password hashing out of the __init__ call.
In a node, the title should be the name of the user logged into the system.
In addition I would like the result to be cached, because to retrieve the username I have to go to the database since the username is the email.
How to modify the title with the name of the logged in user and cache the result, but so that if another user logs in it will not load a cached page but a new page will be rendered to him.
In v4 you can simply set the title in either your view or controller and it will be request cached for that user (no other user will see it).
#MvcSiteMapProvider.SiteMaps.Current.CurrentNode.Title = "My Username"
Of course, I am using CurrentNode as an example, you can do this with any node by walking the tree.
However, you will need to handle the caching of the username to prevent a database hit per request outside of MvcSiteMapProvider. You can do this by creating a cache item for each user, incorporating the username (as long as it is unique) into the key.
var key = "My Username";
var userName = HttpContext.Current.Cache.Item[key];
if (userName == null)
{
userName = GetUserNameFromDB();
HttpContext.Current.Cache.Item[key] = userName;
}
I'm using Zend_Auth to store session values after login. My question is: let's say the user has changed his email/first name after login, how can I reflect this in the session?
When I do Zend_Auth::getInstance(); after editing the profile it returns the old values.
Not tested but i think you could use:
// fetch data in auth storage
$authStorage = Zend_Auth::getInstance()->getStorage();
$authData = $authStorage->read();
// change your values in $authData
$authStorage->write($authData);
If you put Object to Zend_Auth then you can do something like this:
$user = Zend_Auth::getInstance()->getIdentity();
$user->setFoo(bar);
And it will be changed (because php pass objects by reference)
I got a mapped entity named User - with username and pass, the pk is the username.
When saving a new user, the username for some reason becomes an empty string.
Here is a code sample:
var newUser = new User() {Username = model.UserName, Password = hashedPassword};
_db.Users.AddObject(newUser);
_db.SaveChanges();
In debug view I see user name is not empty before save and after save it's empty. Whats wrong with me?
The dev server decided to ignore my reset, so I needed to reset it again and it's fine.