Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Custom IIdentity class - how to set it?

Reply
Thread Tools

Custom IIdentity class - how to set it?

 
 
Tim Mulholland
Guest
Posts: n/a
 
      02-20-2004
I have created my own IIdentity class (actually inherited from
GenericIdentity) to contain lots of extra useful information to be passed
around with the user's basic information.
The class compiles fine, no problems there.

My problem is that i'm not sure where to actually set this to be part of the
HttpContext. I know that the IIdentity stuff is part of a principal (which
in my case will be a GenericPrinciple i suppose since i'm using forms
authentication). So i figure it needs to be whenever the HttpContext.User
object is set.

What event is raised that i need to handle to be able to do this? I'm going
to be controlling all of the authentication using custom forms
authentication.

Is there a good tutorial about this type of stuff (the 'flow' of the
authentication information) that someone could point me to?

Thanks in advance,

Tim


 
Reply With Quote
 
 
 
 
John Saunders
Guest
Posts: n/a
 
      02-20-2004
"Tim Mulholland" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have created my own IIdentity class (actually inherited from
> GenericIdentity) to contain lots of extra useful information to be passed
> around with the user's basic information.
> The class compiles fine, no problems there.
>
> My problem is that i'm not sure where to actually set this to be part of

the
> HttpContext. I know that the IIdentity stuff is part of a principal (which
> in my case will be a GenericPrinciple i suppose since i'm using forms
> authentication). So i figure it needs to be whenever the HttpContext.User
> object is set.
>
> What event is raised that i need to handle to be able to do this? I'm

going
> to be controlling all of the authentication using custom forms
> authentication.


You need to do this sort of thing in the Application_AuthenticateRequest
event in global.asax.

Be sure to check Request.IsAuthenticated, first, though!
--
John Saunders
John.Saunders at SurfControl.com


 
Reply With Quote
 
 
 
 
Tim Mulholland
Guest
Posts: n/a
 
      02-20-2004
i've been looking into that...
am i correct then in thinking that this event will be raised multiple times
per page request, and i'll handle it when they've been authenticated and
fill in the User information then? So then the user information would be
recreated (accessed from a db, or whatever) everytime a page loads?
Is there a better way to do that?
Or am i just totally missing something?

"John Saunders" <john.saunders at SurfControl.com> wrote in message
news:ejYQ9I$(E-Mail Removed)...
> "Tim Mulholland" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I have created my own IIdentity class (actually inherited from
> > GenericIdentity) to contain lots of extra useful information to be

passed
> > around with the user's basic information.
> > The class compiles fine, no problems there.
> >
> > My problem is that i'm not sure where to actually set this to be part of

> the
> > HttpContext. I know that the IIdentity stuff is part of a principal

(which
> > in my case will be a GenericPrinciple i suppose since i'm using forms
> > authentication). So i figure it needs to be whenever the

HttpContext.User
> > object is set.
> >
> > What event is raised that i need to handle to be able to do this? I'm

> going
> > to be controlling all of the authentication using custom forms
> > authentication.

>
> You need to do this sort of thing in the Application_AuthenticateRequest
> event in global.asax.
>
> Be sure to check Request.IsAuthenticated, first, though!
> --
> John Saunders
> John.Saunders at SurfControl.com
>
>



 
Reply With Quote
 
John Saunders
Guest
Posts: n/a
 
      02-20-2004
"Tim Mulholland" <(E-Mail Removed)> wrote in message
news:uOeF4R$(E-Mail Removed)...
> i've been looking into that...
> am i correct then in thinking that this event will be raised multiple

times
> per page request, and i'll handle it when they've been authenticated and
> fill in the User information then? So then the user information would be
> recreated (accessed from a db, or whatever) everytime a page loads?
> Is there a better way to do that?
> Or am i just totally missing something?


No. The event will only be raised once per page.

And, yes, it does have to be recreated every page load - so it would be a
good idea to avoid a database hit on each load. Many people do this by
setting the UserData field of the FormsAuthenticationTicket on their login
page, then reading the UserData during Application_AuthenticateRequest. The
idea would be to use it to hold information you'd otherwise have to go to
the database for, but which you don't mind having a bit out of date (it will
be from the time of login, if you never refresh it).

--
John Saunders
John.Saunders at SurfControl.com


> "John Saunders" <john.saunders at SurfControl.com> wrote in message
> news:ejYQ9I$(E-Mail Removed)...
> > "Tim Mulholland" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > I have created my own IIdentity class (actually inherited from
> > > GenericIdentity) to contain lots of extra useful information to be

> passed
> > > around with the user's basic information.
> > > The class compiles fine, no problems there.
> > >
> > > My problem is that i'm not sure where to actually set this to be part

of
> > the
> > > HttpContext. I know that the IIdentity stuff is part of a principal

> (which
> > > in my case will be a GenericPrinciple i suppose since i'm using forms
> > > authentication). So i figure it needs to be whenever the

> HttpContext.User
> > > object is set.
> > >
> > > What event is raised that i need to handle to be able to do this? I'm

> > going
> > > to be controlling all of the authentication using custom forms
> > > authentication.

> >
> > You need to do this sort of thing in the Application_AuthenticateRequest
> > event in global.asax.
> >
> > Be sure to check Request.IsAuthenticated, first, though!
> > --
> > John Saunders
> > John.Saunders at SurfControl.com
> >
> >

>
>



 
Reply With Quote
 
Tim Mulholland
Guest
Posts: n/a
 
      02-20-2004
Thanks for the help John. Much appreciated.

Tim

"John Saunders" <john.saunders at SurfControl.com> wrote in message
news:enlrnX$(E-Mail Removed)...
> "Tim Mulholland" <(E-Mail Removed)> wrote in message
> news:uOeF4R$(E-Mail Removed)...
> > i've been looking into that...
> > am i correct then in thinking that this event will be raised multiple

> times
> > per page request, and i'll handle it when they've been authenticated and
> > fill in the User information then? So then the user information would be
> > recreated (accessed from a db, or whatever) everytime a page loads?
> > Is there a better way to do that?
> > Or am i just totally missing something?

>
> No. The event will only be raised once per page.
>
> And, yes, it does have to be recreated every page load - so it would be a
> good idea to avoid a database hit on each load. Many people do this by
> setting the UserData field of the FormsAuthenticationTicket on their login
> page, then reading the UserData during Application_AuthenticateRequest.

The
> idea would be to use it to hold information you'd otherwise have to go to
> the database for, but which you don't mind having a bit out of date (it

will
> be from the time of login, if you never refresh it).
>
> --
> John Saunders
> John.Saunders at SurfControl.com
>
>
> > "John Saunders" <john.saunders at SurfControl.com> wrote in message
> > news:ejYQ9I$(E-Mail Removed)...
> > > "Tim Mulholland" <(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > > > I have created my own IIdentity class (actually inherited from
> > > > GenericIdentity) to contain lots of extra useful information to be

> > passed
> > > > around with the user's basic information.
> > > > The class compiles fine, no problems there.
> > > >
> > > > My problem is that i'm not sure where to actually set this to be

part
> of
> > > the
> > > > HttpContext. I know that the IIdentity stuff is part of a principal

> > (which
> > > > in my case will be a GenericPrinciple i suppose since i'm using

forms
> > > > authentication). So i figure it needs to be whenever the

> > HttpContext.User
> > > > object is set.
> > > >
> > > > What event is raised that i need to handle to be able to do this?

I'm
> > > going
> > > > to be controlling all of the authentication using custom forms
> > > > authentication.
> > >
> > > You need to do this sort of thing in the

Application_AuthenticateRequest
> > > event in global.asax.
> > >
> > > Be sure to check Request.IsAuthenticated, first, though!
> > > --
> > > John Saunders
> > > John.Saunders at SurfControl.com
> > >
> > >

> >
> >

>
>



 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      02-21-2004
Hi Tim,



Thanks for posting in the community!
From your description, you're using the FormsAuthentication in ASP.NET and
you're wondering the time when to set the customized principle object(with
the proper roles) to the HttpContext.Current.User, yes?

Based on my expericence, generally , in formsauthentication, since the
roles must be retrieved and set manually via code, so we can put those code
in the Application_AuthenticateRequest event of the global
object(global.asax/global.asax.cs). At that time ,the request hasn't been
processed , we can first retireved all the proper roles of the current user
from our datasource and create a principle objectd and set it to the
HttpContext.Current.User, for example:
---------------------
Sub Application_AuthenticateRequest....
'f?rst hentes roller for brugeren ud i
'array'et roleListArray... og derefter:
HttpContext.Current.User =
New GenericPrincipal(User.Identity, roleListArray)
end sub
---------------------

And here are two tech articles discussing detailedly on this:

#HOW TO: Implement Role-Based Security with Forms-Based Authentication in
Your ASP.NET Application by Using Visual C# .NET
http://support.microsoft.com/?id=311495

#Using Forms Authentication in ASP.NET
http://www.xoc.net/works/tips/forms-authentication.asp

Please check out the above things to see whether they answer your question.



Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx


 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      02-24-2004
Hi Tim,


Have you had a chance to check out the suggestions in my last reply or have
you got any ideas on this issue? If you have anything unclear or need any
further help, please feel free to post here.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Override User.Identity.Name or Custom IIdentity Corker ASP .Net Security 1 03-10-2010 12:31 AM
Custom IIdentity object casting Random ASP .Net 0 01-25-2008 05:23 PM
Custom IIdentity w/ FormsAuthentication Spam Catcher ASP .Net 2 01-07-2006 04:17 AM
Stupid Question ? IIdentity Amar ASP .Net 1 12-07-2004 11:37 AM
IIdentity casting problem Craig Buchanan ASP .Net 4 02-24-2004 08:03 PM



Advertisments