customize the httpcontext.current.user

[Victor]

Hi all
Does anyone has any reference or examples about how to customize the
httpcontext.current.user object to my own user object?

Cheers
Victor

 

[Walter Wang [MSFT]]

Hi Victor,

HttpContext.Current.User is of type IPrincipal; a Principal object contains
Identities and Roles. You can find an article on how to implement
IPrincipal in ASP.NET:

#Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication
http://msdn2.microsoft.com/en-us/library/aa302401.aspx

Please feel free to let me know if you have anything unclear. Thanks.


Sincerely,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the
check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
promptly.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Walter Wang [MSFT]]

Hi Victor,

Have you seen above suggestion? Would you please let me know the status of
this post? Thanks.


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Victor]

Hi Walter:
Thanks for the reply. What I want is more complicated. I have a customized
user object. (which contains infomation about the user'a name gender email
homeaddress.. all sorts of the user detail info) The thing I want to achieve
is to store all the info in someplace (perfer not session) so that I can
access these info without accessing database everytime. I tried to overwrite
the httpcontext.current.user object. but i found after a new request, all my
infomation will be lost. only that three fields for the iidentity class left
(Name, IsAuthenticated ,AuthenticationType ). And I dont know how to fix
that. Now what i did is save my user infomation in the
httpcontext.current.items collection. that means i have initilize my user
object for each request, which is not exactly i want, but better than access
db everytime i try to use the user object.
Before that I also try to save the info in the thread's name slot. but i
found it's not stable when i use ajax in my website.

Do you know any other way to achieve my goal?

Thanks a lot
Victor

 

[Walter Wang [MSFT]]

Hi Victor,

I don't understand why the custom IPrincipal object will lose custom
information, unless the IPrincipal object is not the custom one already. I
mean: if your class implements IPrincipal and create the instance in
Application_AuthenticateRequest and assign to Context.User, it should keep
the reference and you can always cast it to your custom class when used. If
you only see the Name, IsAuthenticated, AuthenticationType properties,
that's because the reference type is IPrincipal. You need to cast it to
your custom class:

CustomPrincipal myPrincipal = (CustomPrincipal) HttpContext.Current.User;


Above code is about the custom IPrincipal, I understand you're implementing
a custom IIdentity, which is accessed from IPrincipal.Identity, which also
need to cast to your cusom implementation class to access those custom
information you added.


Take a step back to look at your question, I understand you only need to
store some information for the current logined user, I think customizing
the IPrincipal and IIdentity may not be needed. Based on my understanding,
such information should be ok if we store them in the Session and use a
well known key to access them, I'm wondering why you think the Session is
not appropriate here?



Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Victor]

Hi Walter:
The reason that I don't use session is because my manager don't want to use
that. He worries about if there are a lot of user access our website at the
same time (perhaps 10,000 at about 5mins something like that). It will crash
the session server. Is there good way to dealing this situation?

Thanks for the help!
Victor

 

[Walter Wang [MSFT]]

Hi Victor,

I understand your concern is about the performance maybe affected if you
store the user information in Session. However, if you want to avoid
querying database everytime the information is needed, I'm afraid saving it
in the Session state is really the only way to go.

Customizing HttpContext.Current requires you set it in every request
(Application_AuthenticateRequest), which doesn't meet your requirement.

To avoid 10000 users login in a very short time period, you could use lazy
loading to load the user information only when needed: you simply create a
utility method to return a User Information class from Session, and if it's
not in Session yet, you initialize it from database and store it in
Session.

Please reply to let me know your opinion on this suggestion.


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Walter Wang [MSFT]]

Hi Victor,

Please let me know if you want to continue work on this issue. You can also
email me directly. Thanks.


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Victor]

Hi Walter:
Thanks very much for your help. I decided to use session for now. I
aleardy apply lazy loading in my code.
thanks again for your help

Victor

 

[Walter Wang [MSFT]]

Hi Victor,

Thanks for the update.

Have a nice day!


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.