I'm getting really lost on how to use HttpContext.User. I read everywhere that it's great for FormsAuthentication, but I just can't see how it works. If I do something like this:

ControllerContext.HttpContext.User = new GenericPrincipal(GetUser(username, password), roles);

What does ControllerContext.HttpContext.User contain? And how do I access information about the user this way?

I'm thinking that I have an Action like this:

public User GetUser(string username, string password)
{
    try
    {
        var user = (from u in dm.Users
                    join r in dm.Roles
                    on u.Role_ID_FK equals r.RoleID
                    where u.Username.Equals(username) && u.Password.Equals(password)
                    select u).Single();

        return user;
    }
    catch (Exception e)
    {
        return null;
    }
}

And then if I want user information in my view, like the user name or role, I can call ControllerContext.HttpContext.User.Username in my View. But this is definitely the wrong way to look at it.

So can you guys give me a kick in the right direction or post a link to a site which can?

+1  A: 

In your login code use:

FormsAuthentication.SetAuthCookie("userName", rememberMe);

to set the authenticated user, then you can use

<%= User.Identity.Name %>
<%= User.IsInRole("role") %>
David G
+4  A: 

I'm not sure exactly what you are trying to do with the code you posted, but here's some help with HttpContext.User. In layman's terms it represents the current user requesting the particular page, and actually within your Controller you can just reference it as "User" without the prefix.

User.Identity will let you know if the user is authenticated, and if so their username and how they authenticated (Forms or Windows).

It's generally used to get the username of the user requesting the page so your controller actions can perform the correct duties. Something like:

public ActionResult Index()
{
    //you should probably use the [Authorize] attribute on the Action Method
    //but you could check for yourself whether the user is authenticated...
    if (!User.Identity.IsAuthenticated)
         return RedirectToAction("LogIn");

    MyUser u = repository.GetUser(User.Identity.Name); //lookup user by username
    ViewData["fullname"] = u.FullName; //whatever...
    return View();
}

In this example, if the user hasn't been authenticated, they will be redirected to a LogOn page, and if they have been, the Action method is using the User.Identity.Name (which is the username they logged in with, or their Windows login) to look up and return an instance of a MyUser object from your database and puts the user's full name in ViewData to be displayed.

Kurt Schindler
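
An added example, not part of either answer above: assigning HttpContext.User inside a controller only lasts for that one request, so for User.IsInRole to work on later requests the roles have to travel in the forms-authentication ticket and be re-attached on every request. SignInHelper, MvcApplication, the 30-minute lifetime and the comma-separated role format are assumptions made for this sketch; it also assumes role names contain no commas.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper: call it from the login action once the credentials have been verified.
public static class SignInHelper
{
    public static void SignIn(HttpResponseBase response, string username,
                              string[] roles, bool rememberMe)
    {
        // The roles travel in the ticket's UserData field.
        var ticket = new FormsAuthenticationTicket(
            1,                               // ticket version
            username,                        // becomes User.Identity.Name
            DateTime.Now,                    // issue time
            DateTime.Now.AddMinutes(30),     // lifetime chosen for this example
            rememberMe,
            string.Join(",", roles),
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket according to the <forms protection="..."> setting.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL   // follow the requireSSL setting
        };
        if (rememberMe)
            cookie.Expires = ticket.Expiration;       // otherwise a session cookie
        response.Cookies.Add(cookie);
    }
}

// Global.asax.cs
public class MvcApplication : HttpApplication
{
    // Runs on every request, after FormsAuthenticationModule has validated the cookie.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (Context.User == null) return;             // anonymous request
        var identity = Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        // Rebuild the principal so User.IsInRole("...") sees the roles from the ticket.
        string[] roles = identity.Ticket.UserData.Split(
            new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```

Roles stored this way are fixed for the life of the ticket, so a role change in the database only takes effect once the user receives a new ticket.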