Customer IPrincial and IIdentity

Discussion in 'ASP .Net Security' started by MasterGaurav, Apr 4, 2005.

  1. MasterGaurav

    MasterGaurav Guest

    Hi,

    I need to push some more information than just username and roles in
    the IPrincipal implementation.

    For this, I wrote the following code (during authentication):

    MyIdentity mi = new MyIdentity(....);
    MyPrincipal mp = new MyPrincipal(....);

    Context.User = mp;
    FormsAuthentication.SetAuthCookie(...);

    However, everytime I check for Context.User, I get a
    GenericPrincipal. How can I have my own MyPrincipal come into
    existence?



    CHeers,
    Gaurav Vaish
    http://mastergaurav.org
    http://mastergaurav.blogspot.com
    ----------------------------
    MasterGaurav, Apr 4, 2005
    #1
    1. Advertising

  2. You must re-assign your custom principal to the thread identity for each
    returning request. Use a cookie to store any specific information, grab that
    info from the cookie in the Applicatin_Authenticate event, then generate a
    custom principal and assign it to the threads context
    (HttpContext.Current.User)

    --

    - Paul Glavich
    ASP.NET MVP
    ASPInsider (www.aspinsiders.com)


    "MasterGaurav" <> wrote in message
    news:...
    > Hi,
    >
    > I need to push some more information than just username and roles in
    > the IPrincipal implementation.
    >
    > For this, I wrote the following code (during authentication):
    >
    > MyIdentity mi = new MyIdentity(....);
    > MyPrincipal mp = new MyPrincipal(....);
    >
    > Context.User = mp;
    > FormsAuthentication.SetAuthCookie(...);
    >
    > However, everytime I check for Context.User, I get a
    > GenericPrincipal. How can I have my own MyPrincipal come into
    > existence?
    >
    >
    >
    > CHeers,
    > Gaurav Vaish
    > http://mastergaurav.org
    > http://mastergaurav.blogspot.com
    > ----------------------------
    >
    Paul Glavich [MVP ASP.NET], Apr 4, 2005
    #2
    1. Advertising

  3. MasterGaurav

    MasterGaurav Guest

    MasterGaurav, Apr 6, 2005
    #3
  4. MasterGaurav

    Brock Allen Guest

    But how are distinct Sessions identified? Yep, with cookies :)

    If you put that info into a cookie then you most certainly should encrypt
    and MAC protect it so it can't be viewed or modified by the end user (or
    an attacker). Beware, the more security code you write the less secure your
    app tends to be.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > Cookie!
    > Is there no other way? Putting it in session... would that work fine?
    > Cheers,
    > Gaurav Vaish
    > http://mastergaurav.org
    > http://mastergaurav.blogspot.com
    > ----------------------------
    Brock Allen, Apr 6, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tim Mulholland

    Custom IIdentity class - how to set it?

    Tim Mulholland, Feb 20, 2004, in forum: ASP .Net
    Replies:
    6
    Views:
    4,638
    Steven Cheng[MSFT]
    Feb 24, 2004
  2. Craig Buchanan

    IIdentity casting problem

    Craig Buchanan, Feb 24, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    983
    Craig Buchanan
    Feb 24, 2004
  3. Amar

    Stupid Question ? IIdentity

    Amar, Dec 7, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    343
    Paul Glavich [MVP ASP.NET]
    Dec 7, 2004
  4. Spam Catcher

    Custom IIdentity w/ FormsAuthentication

    Spam Catcher, Jan 6, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    6,344
    Spam Catcher
    Jan 7, 2006
  5. Spondishy

    Extending IIdentity help

    Spondishy, Jul 19, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    1,284
    Spondishy
    Jul 19, 2006
Loading...

Share This Page