(CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Valid

09-19-2005

I have created CustomPrincipal and CustomIdentity classes. Everything works
great on my WinForms application, but as soon as i run my ASP.NET client I
get a System.InvalidCastException: Specified cast is not valid error on the
following line.

CustomIdentity id = (CustomIdentity)Thread.CurrentPrincipal.Identity;

The same exact code works in WinForms.

Help !

Thanks.

John

09-19-2005

Hello John,

you have to set the identity on every request. Gimme more info,
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I have created CustomPrincipal and CustomIdentity classes. Everything
> works great on my WinForms application, but as soon as i run my
> ASP.NET client I get a System.InvalidCastException: Specified cast is
> not valid error on the following line.
>
> CustomIdentity id = (CustomIdentity)Thread.CurrentPrincipal.Identity;
>
> The same exact code works in WinForms.
>
> Help !
>
> Thanks.
>
> John
>

09-19-2005

----Logon.aspx-------------
//SET Thread.CurrentPrincipal
CustomIdentity id = new CustomIdentity(userTable);
CustomPrincipal p = new CustomPrincipal(id,roles);
System.AppDomain.CurrentDomain.SetThreadPrincipal( p);
Response.Redirect("SessionInfo", true);

----SessionInfo.aspx-------
//GET Thread.CurrentPrincipal
private void Page_Load(object sender, System.EventArgs e)
{
CustomPrincipal p = (CustomPrincipal)(Thread.CurrentPrincipal);
CustomIdentity id = (CustomIdentity)p.Identity; //INVALID CAST ERROR
}

If I use a GenericPrincipal and GenericIdentity it works fine.
As soon as I use my CustomPrincipal and CustomIdentity it fails (in asp.net
only)
The same code, same class used by a test WinForms app works fine.

09-19-2005

The same thing happens if I userHttpContext.Current.User.

09-19-2005

Hello John,

WinForms works totally different than ASP.NET.

In ASP.NET you have to set the principal on each request. So after you set
it (besides that this code won't work correctly at all in ASP.NET) - you
redirect to to session.aspx - this gets served by a different thread - and
your principal is lost

You should use forms authentication and handle the Authenticate_Request.

Have you had a look at Forms Authentication before?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> ----Logon.aspx-------------
> //SET Thread.CurrentPrincipal
> CustomIdentity id = new CustomIdentity(userTable);
> CustomPrincipal p = new CustomPrincipal(id,roles);
> System.AppDomain.CurrentDomain.SetThreadPrincipal( p);
> Response.Redirect("SessionInfo", true);
> ----SessionInfo.aspx-------
> //GET Thread.CurrentPrincipal
> private void Page_Load(object sender, System.EventArgs e)
> {
> CustomPrincipal p = (CustomPrincipal)(Thread.CurrentPrincipal);
> CustomIdentity id = (CustomIdentity)p.Identity; //INVALID CAST ERROR
> }
> If I use a GenericPrincipal and GenericIdentity it works fine.
> As soon as I use my CustomPrincipal and CustomIdentity it fails (in
> asp.net
> only)
> The same code, same class used by a test WinForms app works fine

09-19-2005

This is from my Application_AuthenticateRequest method:

//USING CUSTOMPRINCIPAL
if (HttpContext.Current.User.Identity.AuthenticationT ype == "Forms" )
System.Web.Security.FormsIdentity id;
id = (System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;

//The following causes INVALID CAST
//CustomIdentity id;
//id = (CustomIdentity)HttpContext.Current.User.Identity; INVALID CAST

// Find the roles for the user.
string[] roles = id.Ticket.UserData.Split('|');
HttpContext.Current.User = new CustomPrincipal(id,roles);
}

Casting from HttpContext.Current.User.Identity or
Thread.CurrentPrincipal.Identity
only work with FormsIdentity or GenericIdentity, not my CustomIdentity.
Even though all three inherhit from IIdentity.

09-19-2005

Hello John,

if you are using forms auth - in authenticate_request Context.User.Identity
will always be FormsIdentity - you have to generate you CustomIdentity at
each request from the information in the forms idenity - and then set Context.User.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> This is from my Application_AuthenticateRequest method:
>
> //USING CUSTOMPRINCIPAL
> if (HttpContext.Current.User.Identity.AuthenticationT ype == "Forms" )
> System.Web.Security.FormsIdentity id;
> id =
> (System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;
> //The following causes INVALID CAST
> //CustomIdentity id;
> //id = (CustomIdentity)HttpContext.Current.User.Identity; INVALID CAST
> // Find the roles for the user.
> string[] roles = id.Ticket.UserData.Split('|');
> HttpContext.Current.User = new CustomPrincipal(id,roles);
> }
> Casting from HttpContext.Current.User.Identity or
> Thread.CurrentPrincipal.Identity
> only work with FormsIdentity or GenericIdentity, not my
> CustomIdentity.
> Even though all three inherhit from IIdentity.

09-20-2005

Is Application_AuthenticateRequest called with every page request?

09-20-2005

Hello John,

yes
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Is Application_AuthenticateRequest called with every page request?
>

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Is the result of valid dynamic cast always equal to the result ofcorrespondent static cast?	Pavel	C++	7	09-18-2010 11:35 PM
Error: specified cast is not valid. Why not?	Alan Silver	ASP .Net	5	02-15-2005 08:08 PM
User Control - InvalidCastException: Specified cast is not valid	Ajit	ASP .Net	1	04-24-2004 09:28 PM
malloc - to cast or not to cast, that is the question...	EvilRix	C Programming	8	02-14-2004 12:08 PM
to cast or not to cast malloc ?	MSG	C Programming	38	02-10-2004 03:13 PM