(CustomIdentity)Thread.CurrentPrincipal.Identity - Cast not Valid

[John K]

I have created CustomPrincipal and CustomIdentity classes. Everything works
great on my WinForms application, but as soon as i run my ASP.NET client I
get a System.InvalidCastException: Specified cast is not valid error on the
following line.

CustomIdentity id = (CustomIdentity)Thread.CurrentPrincipal.Identity;

The same exact code works in WinForms.

Help !

Thanks.

John

 

[Dominick Baier [DevelopMentor]]

Hello John,

you have to set the identity on every request. Gimme more info,

 

[John K]

----Logon.aspx-------------
//SET Thread.CurrentPrincipal
CustomIdentity id = new CustomIdentity(userTable);
CustomPrincipal p = new CustomPrincipal(id,roles);
System.AppDomain.CurrentDomain.SetThreadPrincipal(p);
Response.Redirect("SessionInfo", true);

----SessionInfo.aspx-------
//GET Thread.CurrentPrincipal
private void Page_Load(object sender, System.EventArgs e)
{
CustomPrincipal p = (CustomPrincipal)(Thread.CurrentPrincipal);
CustomIdentity id = (CustomIdentity)p.Identity; //INVALID CAST ERROR
}


If I use a GenericPrincipal and GenericIdentity it works fine.
As soon as I use my CustomPrincipal and CustomIdentity it fails (in asp.net
only)
The same code, same class used by a test WinForms app works fine.

 

[John K]

The same thing happens if I userHttpContext.Current.User.

 

[Dominick Baier [DevelopMentor]]

Hello John,

WinForms works totally different than ASP.NET.

In ASP.NET you have to set the principal on each request. So after you set
it (besides that this code won't work correctly at all in ASP.NET) - you
redirect to to session.aspx - this gets served by a different thread - and
your principal is lost

You should use forms authentication and handle the Authenticate_Request.

Have you had a look at Forms Authentication before?

 

[John K]

This is from my Application_AuthenticateRequest method:

//USING CUSTOMPRINCIPAL
if (HttpContext.Current.User.Identity.AuthenticationType == "Forms" )
System.Web.Security.FormsIdentity id;
id = (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;

//The following causes INVALID CAST
//CustomIdentity id;
//id = (CustomIdentity)HttpContext.Current.User.Identity; INVALID CAST


// Find the roles for the user.
string[] roles = id.Ticket.UserData.Split('|');
HttpContext.Current.User = new CustomPrincipal(id,roles);
}


Casting from HttpContext.Current.User.Identity or
Thread.CurrentPrincipal.Identity
only work with FormsIdentity or GenericIdentity, not my CustomIdentity.
Even though all three inherhit from IIdentity.

 

[Dominick Baier [DevelopMentor]]

Hello John,

if you are using forms auth - in authenticate_request Context.User.Identity
will always be FormsIdentity - you have to generate you CustomIdentity at
each request from the information in the forms idenity - and then set Context.User.

 

[John K]

Is Application_AuthenticateRequest called with every page request?

 

[Dominick Baier [DevelopMentor]]

Hello John,

yes