Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > (CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Valid

Reply
Thread Tools

(CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Valid

 
 
John K
Guest
Posts: n/a
 
      09-19-2005
I have created CustomPrincipal and CustomIdentity classes. Everything works
great on my WinForms application, but as soon as i run my ASP.NET client I
get a System.InvalidCastException: Specified cast is not valid error on the
following line.

CustomIdentity id = (CustomIdentity)Thread.CurrentPrincipal.Identity;

The same exact code works in WinForms.

Help !

Thanks.

John


 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      09-19-2005
Hello John,

you have to set the identity on every request. Gimme more info,
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I have created CustomPrincipal and CustomIdentity classes. Everything
> works great on my WinForms application, but as soon as i run my
> ASP.NET client I get a System.InvalidCastException: Specified cast is
> not valid error on the following line.
>
> CustomIdentity id = (CustomIdentity)Thread.CurrentPrincipal.Identity;
>
> The same exact code works in WinForms.
>
> Help !
>
> Thanks.
>
> John
>



 
Reply With Quote
 
 
 
 
John K
Guest
Posts: n/a
 
      09-19-2005
----Logon.aspx-------------
//SET Thread.CurrentPrincipal
CustomIdentity id = new CustomIdentity(userTable);
CustomPrincipal p = new CustomPrincipal(id,roles);
System.AppDomain.CurrentDomain.SetThreadPrincipal( p);
Response.Redirect("SessionInfo", true);

----SessionInfo.aspx-------
//GET Thread.CurrentPrincipal
private void Page_Load(object sender, System.EventArgs e)
{
CustomPrincipal p = (CustomPrincipal)(Thread.CurrentPrincipal);
CustomIdentity id = (CustomIdentity)p.Identity; //INVALID CAST ERROR
}


If I use a GenericPrincipal and GenericIdentity it works fine.
As soon as I use my CustomPrincipal and CustomIdentity it fails (in asp.net
only)
The same code, same class used by a test WinForms app works fine.

 
Reply With Quote
 
John K
Guest
Posts: n/a
 
      09-19-2005
The same thing happens if I userHttpContext.Current.User.

 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      09-19-2005
Hello John,

WinForms works totally different than ASP.NET.

In ASP.NET you have to set the principal on each request. So after you set
it (besides that this code won't work correctly at all in ASP.NET) - you
redirect to to session.aspx - this gets served by a different thread - and
your principal is lost

You should use forms authentication and handle the Authenticate_Request.

Have you had a look at Forms Authentication before?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> ----Logon.aspx-------------
> //SET Thread.CurrentPrincipal
> CustomIdentity id = new CustomIdentity(userTable);
> CustomPrincipal p = new CustomPrincipal(id,roles);
> System.AppDomain.CurrentDomain.SetThreadPrincipal( p);
> Response.Redirect("SessionInfo", true);
> ----SessionInfo.aspx-------
> //GET Thread.CurrentPrincipal
> private void Page_Load(object sender, System.EventArgs e)
> {
> CustomPrincipal p = (CustomPrincipal)(Thread.CurrentPrincipal);
> CustomIdentity id = (CustomIdentity)p.Identity; //INVALID CAST ERROR
> }
> If I use a GenericPrincipal and GenericIdentity it works fine.
> As soon as I use my CustomPrincipal and CustomIdentity it fails (in
> asp.net
> only)
> The same code, same class used by a test WinForms app works fine



 
Reply With Quote
 
John K
Guest
Posts: n/a
 
      09-19-2005
This is from my Application_AuthenticateRequest method:

//USING CUSTOMPRINCIPAL
if (HttpContext.Current.User.Identity.AuthenticationT ype == "Forms" )
System.Web.Security.FormsIdentity id;
id = (System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;

//The following causes INVALID CAST
//CustomIdentity id;
//id = (CustomIdentity)HttpContext.Current.User.Identity; INVALID CAST


// Find the roles for the user.
string[] roles = id.Ticket.UserData.Split('|');
HttpContext.Current.User = new CustomPrincipal(id,roles);
}


Casting from HttpContext.Current.User.Identity or
Thread.CurrentPrincipal.Identity
only work with FormsIdentity or GenericIdentity, not my CustomIdentity.
Even though all three inherhit from IIdentity.


 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      09-19-2005
Hello John,

if you are using forms auth - in authenticate_request Context.User.Identity
will always be FormsIdentity - you have to generate you CustomIdentity at
each request from the information in the forms idenity - and then set Context.User.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> This is from my Application_AuthenticateRequest method:
>
> //USING CUSTOMPRINCIPAL
> if (HttpContext.Current.User.Identity.AuthenticationT ype == "Forms" )
> System.Web.Security.FormsIdentity id;
> id =
> (System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;
> //The following causes INVALID CAST
> //CustomIdentity id;
> //id = (CustomIdentity)HttpContext.Current.User.Identity; INVALID CAST
> // Find the roles for the user.
> string[] roles = id.Ticket.UserData.Split('|');
> HttpContext.Current.User = new CustomPrincipal(id,roles);
> }
> Casting from HttpContext.Current.User.Identity or
> Thread.CurrentPrincipal.Identity
> only work with FormsIdentity or GenericIdentity, not my
> CustomIdentity.
> Even though all three inherhit from IIdentity.



 
Reply With Quote
 
John K
Guest
Posts: n/a
 
      09-20-2005
Is Application_AuthenticateRequest called with every page request?

 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      09-20-2005
Hello John,

yes
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Is Application_AuthenticateRequest called with every page request?
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is the result of valid dynamic cast always equal to the result ofcorrespondent static cast? Pavel C++ 7 09-18-2010 11:35 PM
Error: specified cast is not valid. Why not? Alan Silver ASP .Net 5 02-15-2005 08:08 PM
User Control - InvalidCastException: Specified cast is not valid Ajit ASP .Net 1 04-24-2004 09:28 PM
malloc - to cast or not to cast, that is the question... EvilRix C Programming 8 02-14-2004 12:08 PM
to cast or not to cast malloc ? MSG C Programming 38 02-10-2004 03:13 PM



Advertisments