Hello,
I assume MembershipUser object and object implementing IPrincipal interface are “connected” in a sense that when certain information in one of the objects changes, the other object is also changed appropriately?
thanx for helping
+3
A:
Not sure whether or not I understand your question here but I believe your assumption is incorrect.
MembershipUser is used by System.Web.Security to authenticate a User via the MembershipProvider to you have set in you web config. When you call...
MembershipUser user = Membership.GetUser(username);
Your membership provider will query the datastore where you keep your user information (A Sql Database, Active Directory, etc..) and return back the Memberhsip data sotred for that username.
If you have defined another class in your application that implements the IPrincipal interface and you have instantiated an object of that type, that does not necessarily mean that your MembershipUser object and your custom object share data (unless of course you have assigned the reference programatically )
Maybe if you provided a code example it would help clarify
matt_dev
2009-05-10 23:09:57
I understand that if you manually create principal object ( object that implements IPrincipal interface ) that you also have to programmaticaly create a reference between the two objects. But in my initial question I was referring ( sorry for not being more specific ) to principal object which represent security context of the current user and is created automatically by Asp.Net when using forms authentication. I thought that in that case Asp.Net also takes care of “synchronizing” the two objects?
SourceC
2009-05-10 23:42:32
I still don't understand what you want to be "synchronized" between the two objects? They don't really share anything - the IPrincipal implementation contains an IIdentity - but that's about it....
marc_s
2009-05-11 05:11:27
IPrincipal in the context of Asp.net (HttpContext.User) is the user running the current process on the machine. MembershipUser is an application user that you store somewhere in a datastore. During authorization, you can set the HttpContext.User by assigning values from you MembershipUser into the FormsAuthentication ticket, but the two objects that you are referring to are never synchronized automatically.
matt_dev
2009-05-11 06:33:58
I’m sorry, I was totally off with my question.For some reason I thought IPrincipal ( HttpContext.User ) had more properties in common with MembershipUser, but in truth only properties MembershipUser shares with HttpContext.User are the three properties defined in IIdentity!I really appreciate your help and patience
SourceC
2009-05-11 18:39:38
A:
I don`t know why do you use 2 classes for members authentification. Under my oppinion , every web developer must to develop a personal class which to use the database ,to encrypt passwords (using MD5 , SHA )
Alynuzzu
2009-07-31 16:02:23