HttpContext.Current.User is null under windows authentication (integrated pipeline)

In the web.config:

    <authentication mode="Windows">
      <deny users="?" />

in global.asax

protected void Application_AuthenticateRequest(object sender, EventArgs args)
    tracker.LogRequest(HttpContext.Current.User, DateTime.Now)

I am just really confused by this, any ideas?

Here is Solutions:

We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.

Solution 1

I think this is a symptom of listening on the wrong event. You should probably listen for Application.PostAuthenticateRequest.

Running a sample piece of code using a project I have that authenticates against my local domain’s Active Directory to ask if the User object is nothing:


Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    Debug.WriteLine("Authenticate Request: " & (HttpContext.Current.User Is Nothing))
End Sub

Sub Application_PostAuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    Debug.WriteLine("Post-authenticate Request: " & (HttpContext.Current.User Is Nothing))
End Sub


Authenticate Request: True

Post-authenticate Request: False

Following the PostAuthenticateRequest event, the HttpContext.Current.User.Identity property is an instance of System.Security.Principal.GenericIdentity for unauthenticated requests.

Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply