0

I've a web application, which works without any problem in my browser. But if I install it out-of-browser, when I try to get the username, the userAccount isn't in the dictionary:

private void Application_Startup(object sender, StartupEventArgs e) {
  string userId = e.InitParams["UserAccount"];//--> KeyNotFoundException
  //...
}

Which is normal because I give it through the launch of silverlight in the aspx web page:

<param name="InitParams" value="UserAccount=<%=HttpContext.Current.User.Identity.Name%>" />.

I need it because sometimes in my application, I need to display the current logged user, and display that it's this user which will do this or this action before I save it.

So, one question:

  • How to manage to ensure that the user has the right to load the application AND retrieve the userId.

Thank you very much!

J4N

J4N
  • 19,480
  • 39
  • 187
  • 340

2 Answers2

0

You should be able to set it client-sided like this:

e.InitParams["UserAccount"] = Environment.UserName;

This only gets the username though but does exactly the same as the other example you displayed.

However, it is never a good idea to set permissions based on a username provided by the client (which both this and your example does).

Teo Klestrup Röijezon
  • 5,097
  • 3
  • 29
  • 37
  • Are you sure? Because I can't find any "UserName" property on my Environement var – J4N Mar 25 '11 at 12:18
  • I'm not sure that this is readeable with silverlight. And for your previous concern: I don't set any permission on that, it's the server which is responsible for that, but some times I need to display the current user, or display only objects relatives to the current object, but it's only ergonomics concerns, never security. – J4N Mar 27 '11 at 06:21
0

In fact it seems it isn't possible, I've to create a WCF service which return the current logged user.

J4N
  • 19,480
  • 39
  • 187
  • 340