Custom IPrincipal // Hacking the Application_AuthenticateRequest method // Something better in 2.0?

sloan · Jun 27, 2007

I've been reading this article:
http://msdn2.microsoft.com/EN-US/library/aa302401.aspx

Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication

(the article is for 1.1)
(i'm using 2.0)

The article is good. Then you get to the part about:::::::::::::

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
}

That you have to "hack in" a way to keep your custom IPrincipal alive and
well.

(I discovered this because when I did the following:

CustomPrincipal customPrinc = new CustomPrincipal(ident);
System.Web.HttpContext.Current.User = customPrinc ;

then you went to the next page, the System.Web.HttpContext.Current.User was
a GenericPrincipal) and not an instance of CustomPrincipal like I would
expect.

.............

Is there a better way to handle this in 2.0, rather than hacking into the
Application_AuthenticateRequest method?

With the provider model in 2.0 I would expect something (similar) to:

<authentication mode= "MyCustomAuthenicator"/>

But no go on that.

There's gotta be a better way in 2.0 ?!?

Thanks!

How To: Implement IPrincipal in ASP.NET 2.0	0	Mar 27, 2007
Form authentication & Custom Principal implementation	2	Nov 21, 2004
Custom login will not work	1	Sep 13, 2006
Problems With Custom RoleProvider and Forms Authentication	8	Mar 17, 2007
ASP.NET 2.0 Custom Profile Provider	2	Nov 3, 2006
Authorization Failed - 401 - Custom Errors	0	Mar 20, 2006
Q: Using the "Windows" Authentication method in With ASP.NET 2.0	2	Nov 23, 2005
ASP.NET 2.0: custom base Page class (derived from System.Web.UI.Page)	0	Dec 15, 2005

Custom IPrincipal // Hacking the Application_AuthenticateRequest method // Something better in 2.0?

sloan

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads