Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Customer IPrincial and IIdentity

Reply
Thread Tools

Customer IPrincial and IIdentity

 
 
MasterGaurav
Guest
Posts: n/a
 
      04-04-2005
Hi,

I need to push some more information than just username and roles in
the IPrincipal implementation.

For this, I wrote the following code (during authentication):

MyIdentity mi = new MyIdentity(....);
MyPrincipal mp = new MyPrincipal(....);

Context.User = mp;
FormsAuthentication.SetAuthCookie(...);

However, everytime I check for Context.User, I get a
GenericPrincipal. How can I have my own MyPrincipal come into
existence?



CHeers,
Gaurav Vaish
http://mastergaurav.org
http://mastergaurav.blogspot.com
----------------------------

 
Reply With Quote
 
 
 
 
Paul Glavich [MVP ASP.NET]
Guest
Posts: n/a
 
      04-04-2005
You must re-assign your custom principal to the thread identity for each
returning request. Use a cookie to store any specific information, grab that
info from the cookie in the Applicatin_Authenticate event, then generate a
custom principal and assign it to the threads context
(HttpContext.Current.User)

--

- Paul Glavich
ASP.NET MVP
ASPInsider (www.aspinsiders.com)


"MasterGaurav" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi,
>
> I need to push some more information than just username and roles in
> the IPrincipal implementation.
>
> For this, I wrote the following code (during authentication):
>
> MyIdentity mi = new MyIdentity(....);
> MyPrincipal mp = new MyPrincipal(....);
>
> Context.User = mp;
> FormsAuthentication.SetAuthCookie(...);
>
> However, everytime I check for Context.User, I get a
> GenericPrincipal. How can I have my own MyPrincipal come into
> existence?
>
>
>
> CHeers,
> Gaurav Vaish
> http://mastergaurav.org
> http://mastergaurav.blogspot.com
> ----------------------------
>



 
Reply With Quote
 
 
 
 
MasterGaurav
Guest
Posts: n/a
 
      04-06-2005
Cookie!
Is there no other way? Putting it in session... would that work fine?


Cheers,
Gaurav Vaish
http://mastergaurav.org
http://mastergaurav.blogspot.com
----------------------------

 
Reply With Quote
 
Brock Allen
Guest
Posts: n/a
 
      04-06-2005
But how are distinct Sessions identified? Yep, with cookies

If you put that info into a cookie then you most certainly should encrypt
and MAC protect it so it can't be viewed or modified by the end user (or
an attacker). Beware, the more security code you write the less secure your
app tends to be.

-Brock
DevelopMentor
http://staff.develop.com/ballen



> Cookie!
> Is there no other way? Putting it in session... would that work fine?
> Cheers,
> Gaurav Vaish
> http://mastergaurav.org
> http://mastergaurav.blogspot.com
> ----------------------------




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Extending IIdentity help Spondishy ASP .Net 2 07-19-2006 08:15 PM
Custom IIdentity w/ FormsAuthentication Spam Catcher ASP .Net 2 01-07-2006 04:17 AM
Stupid Question ? IIdentity Amar ASP .Net 1 12-07-2004 11:37 AM
IIdentity casting problem Craig Buchanan ASP .Net 4 02-24-2004 08:03 PM
Custom IIdentity class - how to set it? Tim Mulholland ASP .Net 6 02-24-2004 07:34 AM



Advertisments