(CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Valid

Discussion in 'ASP .Net Security' started by John K, Sep 19, 2005.

  1. John K

    John K Guest

    I have created CustomPrincipal and CustomIdentity classes. Everything works
    great on my WinForms application, but as soon as i run my ASP.NET client I
    get a System.InvalidCastException: Specified cast is not valid error on the
    following line.

    CustomIdentity id = (CustomIdentity)Thread.CurrentPrincipal.Identity;

    The same exact code works in WinForms.

    Help !

    Thanks.

    John
     
    John K, Sep 19, 2005
    #1
    1. Advertising

  2. Hello John,

    you have to set the identity on every request. Gimme more info,
    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I have created CustomPrincipal and CustomIdentity classes. Everything
    > works great on my WinForms application, but as soon as i run my
    > ASP.NET client I get a System.InvalidCastException: Specified cast is
    > not valid error on the following line.
    >
    > CustomIdentity id = (CustomIdentity)Thread.CurrentPrincipal.Identity;
    >
    > The same exact code works in WinForms.
    >
    > Help !
    >
    > Thanks.
    >
    > John
    >
     
    Dominick Baier [DevelopMentor], Sep 19, 2005
    #2
    1. Advertising

  3. John K

    John K Guest

    Re: (CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Va

    ----Logon.aspx-------------
    //SET Thread.CurrentPrincipal
    CustomIdentity id = new CustomIdentity(userTable);
    CustomPrincipal p = new CustomPrincipal(id,roles);
    System.AppDomain.CurrentDomain.SetThreadPrincipal(p);
    Response.Redirect("SessionInfo", true);

    ----SessionInfo.aspx-------
    //GET Thread.CurrentPrincipal
    private void Page_Load(object sender, System.EventArgs e)
    {
    CustomPrincipal p = (CustomPrincipal)(Thread.CurrentPrincipal);
    CustomIdentity id = (CustomIdentity)p.Identity; //INVALID CAST ERROR
    }


    If I use a GenericPrincipal and GenericIdentity it works fine.
    As soon as I use my CustomPrincipal and CustomIdentity it fails (in asp.net
    only)
    The same code, same class used by a test WinForms app works fine.
     
    John K, Sep 19, 2005
    #3
  4. John K

    John K Guest

    Re: (CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Va

    The same thing happens if I userHttpContext.Current.User.
     
    John K, Sep 19, 2005
    #4
  5. Re: (CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Va

    Hello John,

    WinForms works totally different than ASP.NET.

    In ASP.NET you have to set the principal on each request. So after you set
    it (besides that this code won't work correctly at all in ASP.NET) - you
    redirect to to session.aspx - this gets served by a different thread - and
    your principal is lost

    You should use forms authentication and handle the Authenticate_Request.

    Have you had a look at Forms Authentication before?

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > ----Logon.aspx-------------
    > //SET Thread.CurrentPrincipal
    > CustomIdentity id = new CustomIdentity(userTable);
    > CustomPrincipal p = new CustomPrincipal(id,roles);
    > System.AppDomain.CurrentDomain.SetThreadPrincipal(p);
    > Response.Redirect("SessionInfo", true);
    > ----SessionInfo.aspx-------
    > //GET Thread.CurrentPrincipal
    > private void Page_Load(object sender, System.EventArgs e)
    > {
    > CustomPrincipal p = (CustomPrincipal)(Thread.CurrentPrincipal);
    > CustomIdentity id = (CustomIdentity)p.Identity; //INVALID CAST ERROR
    > }
    > If I use a GenericPrincipal and GenericIdentity it works fine.
    > As soon as I use my CustomPrincipal and CustomIdentity it fails (in
    > asp.net
    > only)
    > The same code, same class used by a test WinForms app works fine
     
    Dominick Baier [DevelopMentor], Sep 19, 2005
    #5
  6. John K

    John K Guest

    Re: (CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Va

    This is from my Application_AuthenticateRequest method:

    //USING CUSTOMPRINCIPAL
    if (HttpContext.Current.User.Identity.AuthenticationType == "Forms" )
    System.Web.Security.FormsIdentity id;
    id = (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;

    //The following causes INVALID CAST
    //CustomIdentity id;
    //id = (CustomIdentity)HttpContext.Current.User.Identity; INVALID CAST


    // Find the roles for the user.
    string[] roles = id.Ticket.UserData.Split('|');
    HttpContext.Current.User = new CustomPrincipal(id,roles);
    }


    Casting from HttpContext.Current.User.Identity or
    Thread.CurrentPrincipal.Identity
    only work with FormsIdentity or GenericIdentity, not my CustomIdentity.
    Even though all three inherhit from IIdentity.
     
    John K, Sep 19, 2005
    #6
  7. Re: (CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Va

    Hello John,

    if you are using forms auth - in authenticate_request Context.User.Identity
    will always be FormsIdentity - you have to generate you CustomIdentity at
    each request from the information in the forms idenity - and then set Context.User.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > This is from my Application_AuthenticateRequest method:
    >
    > //USING CUSTOMPRINCIPAL
    > if (HttpContext.Current.User.Identity.AuthenticationType == "Forms" )
    > System.Web.Security.FormsIdentity id;
    > id =
    > (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
    > //The following causes INVALID CAST
    > //CustomIdentity id;
    > //id = (CustomIdentity)HttpContext.Current.User.Identity; INVALID CAST
    > // Find the roles for the user.
    > string[] roles = id.Ticket.UserData.Split('|');
    > HttpContext.Current.User = new CustomPrincipal(id,roles);
    > }
    > Casting from HttpContext.Current.User.Identity or
    > Thread.CurrentPrincipal.Identity
    > only work with FormsIdentity or GenericIdentity, not my
    > CustomIdentity.
    > Even though all three inherhit from IIdentity.
     
    Dominick Baier [DevelopMentor], Sep 19, 2005
    #7
  8. John K

    John K Guest

    Re: (CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Va

    Is Application_AuthenticateRequest called with every page request?
     
    John K, Sep 20, 2005
    #8
  9. Re: (CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Va

    Hello John,

    yes
    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Is Application_AuthenticateRequest called with every page request?
    >
     
    Dominick Baier [DevelopMentor], Sep 20, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jon Paugh
    Replies:
    0
    Views:
    401
    Jon Paugh
    Jan 22, 2004
  2. Ken
    Replies:
    2
    Views:
    2,859
  3. Brian Stoop
    Replies:
    1
    Views:
    413
    Brian Stoop
    May 9, 2008
  4. Dune88
    Replies:
    0
    Views:
    337
    Dune88
    Oct 10, 2008
  5. Michael Ames

    HttpContext.Current.User vs. Thread.CurrentPrincipal

    Michael Ames, Nov 13, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    366
    Ram Sunkara [msft]
    Nov 14, 2003
Loading...

Share This Page