What's the presumption for User.Identity.Name?

G

gnewsgroup

We have a requirement from our client. Basically, they wanna do an
online survey through a public-access web site (in other words,
anonymous access allowed), but do not want any user to do the survey
more than once.

We told them that this is not possible. But they insist that it is
possible and said that they did that before by getting the user
identity through:

System.Web.HttpContext.Current.User.Identity.Name

To my understanding, we can obtain user identity through this line of
code above only if some kind of authentication is required to access
the web application, for example, Integrated Windows Authentication
(IWA)

The web application may or may not prompt the user for his/her user
name and password if we turn on Integrated Windows Authentication,
depending on the security settings of the browser and domain of the
computer. Our client does not like this IWA idea and said that some
trick in Web.config would make it possible to allow anonymous access
and meanwhile to be able to retrieve user identity.

It's very clear that they want the survey to be anonymously accessible
and at the same time want the user identity of the survey
participants.

My understanding is that this requirement is intrinsically
contradictory. I am not sure what trick can make this happen. Any
idea to share? Thank you very much.
 
M

Mark Rae [MVP]

My understanding is that this requirement is intrinsically
contradictory.
Click to expand...

You are correct. Anonymous access means that client browsers don't need to
log on, so the website has no way of knowing who they are.

There are two things you can do, both of which offer no help whatsoever in
this situation:

1) you can store the client machine's IP address and prevent more than one
survey against the same IP address - however, IP addresses are laughably
easy to spoof...

2) you can store a cookie on the client machine and prevent the survey if
the cookie already exists - however, the user can simply delete their
cookies...
 
M

Mick Wilson

It's very clear that they want the survey to be anonymously accessible
and at the same time want the user identity of the survey
participants.
Click to expand...

Can you describe the problem a bit more?

If the client's issue is that they do not want to restrict the survey
to account holders (rather than maintaining a sense of anonymity for
the survey taker), would it be possible to have the user's provide an
email address at the end of the survey, to which you could send a link
to "confirm" the survey for the system? Recording this email address
would allow you to restrict the pool of users (excepting those who go
to the trouble of using multiple email addresses). Something like this
should be about as effective as polling the default credentials sent
by the browser.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User.Identity.Name is blank 2
user.identity.name returns old AD user name 5
Seeking co-founders for my company. 3
Hello all! Noob here with completely unrealistic ambitions. Happy to join the crew and get good enough to help others. 4
What's the best practice in adjusting web interface according tomembership? 4
People are needed for a mental model study of concurrent programming. (>19 years old, English Speaking, Programmers who know concurrency) 1
[PAID][REMOTE] Hiring programmer/dev for indie game 2
Want to host websites that I will probably be the only user from home. Sacrilege, I know, but it has always been a dream of mine. Where do I start? 2

Members online

No members online now.
Total: 88 (members: 0, guests: 88)
Robots: 217

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top