Custom IIdentity class - how to set it?

Discussion in 'ASP .Net' started by Tim Mulholland, Feb 20, 2004.

  1. I have created my own IIdentity class (actually inherited from
    GenericIdentity) to contain lots of extra useful information to be passed
    around with the user's basic information.
    The class compiles fine, no problems there.

    My problem is that i'm not sure where to actually set this to be part of the
    HttpContext. I know that the IIdentity stuff is part of a principal (which
    in my case will be a GenericPrinciple i suppose since i'm using forms
    authentication). So i figure it needs to be whenever the HttpContext.User
    object is set.

    What event is raised that i need to handle to be able to do this? I'm going
    to be controlling all of the authentication using custom forms
    authentication.

    Is there a good tutorial about this type of stuff (the 'flow' of the
    authentication information) that someone could point me to?

    Thanks in advance,

    Tim
    Tim Mulholland, Feb 20, 2004
    #1
    1. Advertising

  2. "Tim Mulholland" <> wrote in message
    news:...
    > I have created my own IIdentity class (actually inherited from
    > GenericIdentity) to contain lots of extra useful information to be passed
    > around with the user's basic information.
    > The class compiles fine, no problems there.
    >
    > My problem is that i'm not sure where to actually set this to be part of

    the
    > HttpContext. I know that the IIdentity stuff is part of a principal (which
    > in my case will be a GenericPrinciple i suppose since i'm using forms
    > authentication). So i figure it needs to be whenever the HttpContext.User
    > object is set.
    >
    > What event is raised that i need to handle to be able to do this? I'm

    going
    > to be controlling all of the authentication using custom forms
    > authentication.


    You need to do this sort of thing in the Application_AuthenticateRequest
    event in global.asax.

    Be sure to check Request.IsAuthenticated, first, though!
    --
    John Saunders
    John.Saunders at SurfControl.com
    John Saunders, Feb 20, 2004
    #2
    1. Advertising

  3. i've been looking into that...
    am i correct then in thinking that this event will be raised multiple times
    per page request, and i'll handle it when they've been authenticated and
    fill in the User information then? So then the user information would be
    recreated (accessed from a db, or whatever) everytime a page loads?
    Is there a better way to do that?
    Or am i just totally missing something?

    "John Saunders" <john.saunders at SurfControl.com> wrote in message
    news:ejYQ9I$...
    > "Tim Mulholland" <> wrote in message
    > news:...
    > > I have created my own IIdentity class (actually inherited from
    > > GenericIdentity) to contain lots of extra useful information to be

    passed
    > > around with the user's basic information.
    > > The class compiles fine, no problems there.
    > >
    > > My problem is that i'm not sure where to actually set this to be part of

    > the
    > > HttpContext. I know that the IIdentity stuff is part of a principal

    (which
    > > in my case will be a GenericPrinciple i suppose since i'm using forms
    > > authentication). So i figure it needs to be whenever the

    HttpContext.User
    > > object is set.
    > >
    > > What event is raised that i need to handle to be able to do this? I'm

    > going
    > > to be controlling all of the authentication using custom forms
    > > authentication.

    >
    > You need to do this sort of thing in the Application_AuthenticateRequest
    > event in global.asax.
    >
    > Be sure to check Request.IsAuthenticated, first, though!
    > --
    > John Saunders
    > John.Saunders at SurfControl.com
    >
    >
    Tim Mulholland, Feb 20, 2004
    #3
  4. "Tim Mulholland" <> wrote in message
    news:uOeF4R$...
    > i've been looking into that...
    > am i correct then in thinking that this event will be raised multiple

    times
    > per page request, and i'll handle it when they've been authenticated and
    > fill in the User information then? So then the user information would be
    > recreated (accessed from a db, or whatever) everytime a page loads?
    > Is there a better way to do that?
    > Or am i just totally missing something?


    No. The event will only be raised once per page.

    And, yes, it does have to be recreated every page load - so it would be a
    good idea to avoid a database hit on each load. Many people do this by
    setting the UserData field of the FormsAuthenticationTicket on their login
    page, then reading the UserData during Application_AuthenticateRequest. The
    idea would be to use it to hold information you'd otherwise have to go to
    the database for, but which you don't mind having a bit out of date (it will
    be from the time of login, if you never refresh it).

    --
    John Saunders
    John.Saunders at SurfControl.com


    > "John Saunders" <john.saunders at SurfControl.com> wrote in message
    > news:ejYQ9I$...
    > > "Tim Mulholland" <> wrote in message
    > > news:...
    > > > I have created my own IIdentity class (actually inherited from
    > > > GenericIdentity) to contain lots of extra useful information to be

    > passed
    > > > around with the user's basic information.
    > > > The class compiles fine, no problems there.
    > > >
    > > > My problem is that i'm not sure where to actually set this to be part

    of
    > > the
    > > > HttpContext. I know that the IIdentity stuff is part of a principal

    > (which
    > > > in my case will be a GenericPrinciple i suppose since i'm using forms
    > > > authentication). So i figure it needs to be whenever the

    > HttpContext.User
    > > > object is set.
    > > >
    > > > What event is raised that i need to handle to be able to do this? I'm

    > > going
    > > > to be controlling all of the authentication using custom forms
    > > > authentication.

    > >
    > > You need to do this sort of thing in the Application_AuthenticateRequest
    > > event in global.asax.
    > >
    > > Be sure to check Request.IsAuthenticated, first, though!
    > > --
    > > John Saunders
    > > John.Saunders at SurfControl.com
    > >
    > >

    >
    >
    John Saunders, Feb 20, 2004
    #4
  5. Thanks for the help John. Much appreciated.

    Tim

    "John Saunders" <john.saunders at SurfControl.com> wrote in message
    news:enlrnX$...
    > "Tim Mulholland" <> wrote in message
    > news:uOeF4R$...
    > > i've been looking into that...
    > > am i correct then in thinking that this event will be raised multiple

    > times
    > > per page request, and i'll handle it when they've been authenticated and
    > > fill in the User information then? So then the user information would be
    > > recreated (accessed from a db, or whatever) everytime a page loads?
    > > Is there a better way to do that?
    > > Or am i just totally missing something?

    >
    > No. The event will only be raised once per page.
    >
    > And, yes, it does have to be recreated every page load - so it would be a
    > good idea to avoid a database hit on each load. Many people do this by
    > setting the UserData field of the FormsAuthenticationTicket on their login
    > page, then reading the UserData during Application_AuthenticateRequest.

    The
    > idea would be to use it to hold information you'd otherwise have to go to
    > the database for, but which you don't mind having a bit out of date (it

    will
    > be from the time of login, if you never refresh it).
    >
    > --
    > John Saunders
    > John.Saunders at SurfControl.com
    >
    >
    > > "John Saunders" <john.saunders at SurfControl.com> wrote in message
    > > news:ejYQ9I$...
    > > > "Tim Mulholland" <> wrote in message
    > > > news:...
    > > > > I have created my own IIdentity class (actually inherited from
    > > > > GenericIdentity) to contain lots of extra useful information to be

    > > passed
    > > > > around with the user's basic information.
    > > > > The class compiles fine, no problems there.
    > > > >
    > > > > My problem is that i'm not sure where to actually set this to be

    part
    > of
    > > > the
    > > > > HttpContext. I know that the IIdentity stuff is part of a principal

    > > (which
    > > > > in my case will be a GenericPrinciple i suppose since i'm using

    forms
    > > > > authentication). So i figure it needs to be whenever the

    > > HttpContext.User
    > > > > object is set.
    > > > >
    > > > > What event is raised that i need to handle to be able to do this?

    I'm
    > > > going
    > > > > to be controlling all of the authentication using custom forms
    > > > > authentication.
    > > >
    > > > You need to do this sort of thing in the

    Application_AuthenticateRequest
    > > > event in global.asax.
    > > >
    > > > Be sure to check Request.IsAuthenticated, first, though!
    > > > --
    > > > John Saunders
    > > > John.Saunders at SurfControl.com
    > > >
    > > >

    > >
    > >

    >
    >
    Tim Mulholland, Feb 20, 2004
    #5
  6. Hi Tim,



    Thanks for posting in the community!
    From your description, you're using the FormsAuthentication in ASP.NET and
    you're wondering the time when to set the customized principle object(with
    the proper roles) to the HttpContext.Current.User, yes?

    Based on my expericence, generally , in formsauthentication, since the
    roles must be retrieved and set manually via code, so we can put those code
    in the Application_AuthenticateRequest event of the global
    object(global.asax/global.asax.cs). At that time ,the request hasn't been
    processed , we can first retireved all the proper roles of the current user
    from our datasource and create a principle objectd and set it to the
    HttpContext.Current.User, for example:
    ---------------------
    Sub Application_AuthenticateRequest....
    'f?rst hentes roller for brugeren ud i
    'array'et roleListArray... og derefter:
    HttpContext.Current.User =
    New GenericPrincipal(User.Identity, roleListArray)
    end sub
    ---------------------

    And here are two tech articles discussing detailedly on this:

    #HOW TO: Implement Role-Based Security with Forms-Based Authentication in
    Your ASP.NET Application by Using Visual C# .NET
    http://support.microsoft.com/?id=311495

    #Using Forms Authentication in ASP.NET
    http://www.xoc.net/works/tips/forms-authentication.asp

    Please check out the above things to see whether they answer your question.



    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    Get Preview at ASP.NET whidbey
    http://msdn.microsoft.com/asp.net/whidbey/default.aspx
    Steven Cheng[MSFT], Feb 21, 2004
    #6
  7. Hi Tim,


    Have you had a chance to check out the suggestions in my last reply or have
    you got any ideas on this issue? If you have anything unclear or need any
    further help, please feel free to post here.


    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    Get Preview at ASP.NET whidbey
    http://msdn.microsoft.com/asp.net/whidbey/default.aspx
    Steven Cheng[MSFT], Feb 24, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Craig Buchanan

    IIdentity casting problem

    Craig Buchanan, Feb 24, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    981
    Craig Buchanan
    Feb 24, 2004
  2. Amar

    Stupid Question ? IIdentity

    Amar, Dec 7, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    342
    Paul Glavich [MVP ASP.NET]
    Dec 7, 2004
  3. Spam Catcher

    Custom IIdentity w/ FormsAuthentication

    Spam Catcher, Jan 6, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    6,341
    Spam Catcher
    Jan 7, 2006
  4. Random

    Custom IIdentity object casting

    Random, Jan 25, 2008, in forum: ASP .Net
    Replies:
    0
    Views:
    438
    Random
    Jan 25, 2008
  5. Corker

    Override User.Identity.Name or Custom IIdentity

    Corker, Mar 8, 2010, in forum: ASP .Net Security
    Replies:
    1
    Views:
    1,266
    Joe Kaplan
    Mar 10, 2010
Loading...

Share This Page