I have a Flex-WebORB-Asp.NET application. When logging in, there's a AuthenticationHandler which implements a WebORB interface:
IPrincipal CheckCredentials(string username, string password, Request message);
So I create a Principal and return it. WebORB uses the Principal to check for Authentication and Authorization of remote method calls.
var principal = new GenericPrincipal(new GenericIdentity(user.id.ToString()), new[] { "admin" });
return principal
Now, at this point, if I check what HttpContext.Current.User.Identity is, it's a WindowsIdentity.
So far so good. When later on, a remote call is done through WebORB, I get the id of the logged in user by calling:
Thread.CurrentPrincipal.Identity.Name
So I guess WebORB makes sure the Identity of the Thread is set with each remote call.
Problem is that when I call a HttpHandler (to retrieve an image), I also try to get the id of the logged in user with Thread.CurrentPrincipal.Identity.Name, but that doesn't work. Probably because with a HttpHandler, WebORB doesn't come into action.
How would you solve this so that I can get the id of the logged in user the same way in both cases? Put it in a session object? Can you change the HttpContext.Current.User.Identity? Shouldn't the HttpContext.Current.User.Identity be the same as the Thread.CurrentPrincipal.Identity.Name?
ps: The users are not in Active Directory.