tags:

views:

146

answers:

3
+1  Q: 

Set HttpContext.Current.User from Thread.CurrentPrincipal

I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.

After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:

Login.aspx

protected void btnAuthenticate_Click(object sender, EventArgs e)
{
    SecurityManager.Authenticate("user","pwd"); // This is where I set the custom principal in Thread.CurrentPrincipal
    FormsAuthenticationTicket authenticationTicket = new FormsAuthenticationTicket(1,
                        "user",
                        DateTime.Now,
                        DateTime.Now.AddMinutes(30),
                        false,
                        "");

    string ticket = FormsAuthentication.Encrypt(authenticationTicket);
    HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticket);
    Response.Cookies.Add(authenticationCookie);    
    Response.Redirect(FormsAuthentication.GetRedirectUrl("user", false));
}

Global.asax (This is where the problem appears)

protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null)
            return;

        if (HttpContext.Current.User != null && HttpContext.Current.User.Identity.IsAuthenticated && HttpContext.Current.User.Identity is FormsIdentity)
        {                
            HttpContext.Current.User = System.Threading.Thread.CurrentPrincipal; //Here the value is GenericPrincipal
        }

Thanks in advance for any help. }

A: 

The Intellisense tells me that HttpContext.Current.user and System.Threading.Thread.CurrentPrincipal are both of type System.Security.Principal.IPrincipal.

If I understand correctly, this means that the statement HttpContext.Current.User = System.Threading.Thread.CurrentPrincipal; will assign the value of thread principal to the httpcontext user without any casting or conversion.

I don't see where exactly in your code you are setting the value of the System.Threading.Thread.CurrentPrincipal, but I suggest you carefully examine how you set the principal. I recommend that you put breakpoints on this code and run it in the debugger. See what is happening line-by-line.

Rice Flour Cookies  2010-05-17 15:08:29
I set the Thread.CurrentPrincipal in the first line in the login page, this is the process where authenticates the user and set the custom principal, this works fine in windows environment, but the problems are in web.
Argons  2010-05-17 15:11:01
A: 

When you use Forms Based Authentication (FBA), you get a GenericPrincipal in ASP.NET. This is normal, you are not doing anything wrong.

What where you expecting ? You could use Windows Integrated Authentication in your ASP.NET app if you were expecting a WindowsPrincipal.

Timores  2010-05-17 15:50:22
Well, I think you didn't unserstand the question, the GenericPrincipal can be changed to a custom principal, my answer is why when I put the custom principal to the thread.CurrentPrincipal in one layer of the application I can't access it in the web application. In any part of the question I mention WindowsPrincipal.
Argons  2010-05-19 18:56:40
A: 

Sorry about the VB (orrible language) however this should answer your question ...

http://www.asp.net/security/videos/use-custom-principal-objects

Then change that line of code to something like ...

HttpContext.Current.User = (CustomPrinciple)System.Threading.Thread.CurrentPrincipal;

That should give you what you need. Works perfectly for me :)

Wardy  2010-05-18 14:54:14
If you don't like VB.NET, there are many easy conversion tools available, such as this one: http://converter.telerik.com/
Rice Flour Cookies  2010-05-20 16:05:05

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?