Forms Authentication - Display currently logged in user information in FormView using Object Data Source

Question

In my web application I use Forms Authentication with a cookie. In a page I wish to display the information for the currently logged in user, inside a FormView powered by an ObjectDataSource. My data source has a select method accepting as parameter the user name by which the user data will be requested from the database. How do i get the user name for the currently logged in user and use it as a select parameter for the data source.

Answer 1

On Global.asax.. you should write:

protected void Application_AuthenticateRequest(object sender, EventArgs e) {
    if (Request.PhysicalPath.EndsWith(".aspx") || Request.PhysicalPath.EndsWith(".axd"))
        SecurityManager.SetPrincipal();
}

The SecurityManager.SetPrincipal() method should look like:

// variable we'll use to set HttpContext.Current.User
        IPrincipal principal = null;
        FormsIdentity identity;

        //IsAuthenticated will be automatically set by .NET framework
        if (HttpContext.Current.Request.IsAuthenticated)
        {
            // (FormsIdentity)HttpContext.Current.User.Identity will
            // be filled automatically by the .NET framework when using forms authentication
            identity = (FormsIdentity)HttpContext.Current.User.Identity;

            // This User class must be defined BY YOU
            User userProfile;
            // this user data is the data that you entered when you created the ticket.
            // this should be a security token that would allow you to GET THE USER FROM IT
            String userData = (((FormsIdentity)identity).Ticket).UserData;
            try
            {
                // UserHelper is a class that must be able to OBTAIN a USER given a SECURITY TOKEN.
                // remember, you created this token when you created the ticket you used in the cookie.
                userProfile = UserHelper.GetUser(userData);

                // AuthenticatedPrincipal must implement IPrincipal. Consider deriving from GenericPrincipal.
                // Your IPrincipal implementations must hold a reference to the UserClass you created
                principal = new AuthenticatedPrincipal(identity, userProfile);
            }
            catch
            {
                FormsAuthentication.SignOut();
                // This is analogous to AuthenticatedPrincipal
                principal = new AnonymousPrincipal(new GuestIdentity(), UserHelper.GetUser(null));
            }

        }
        else
        {
            principal = new AnonymousPrincipal(new GuestIdentity(), UserHelper.GetUser(null));
        }

        // Now we make our principal, that holds a reference to the currently
        // logged user, globally visible
        HttpContext.Current.User = principal;

As far as I know, ObjectDataSource allows you to write a Data Access Layer class and map some methods of this class to the DataSource operations. You can access HttpContext.Current.User from within theses methods.

As you said you are "In my web application I use Forms Authentication with a cookie". I'm assuming you know how to "log" the user and send the cookie to the browser. If you have any problems with that, let me know.

Answer 2

Instead, I have chosen to use the Selecting event of the datasource and add the information I needed as an inputParameter.