how to update context.user without postback ...ing

Discussion in 'ASP .Net Security' started by Softlion, Feb 9, 2008.

  1. Softlion

    Softlion Guest

    Hi,
    I'm using form authentication in a user control with fires an onSignedOn
    event to registered page controls,
    so there is no need to postback a second time to reflect changes.

    It seems the Context.User.Identity stays a GenericIdentity object even after
    calling FormsAuthentication.SetAuthCookie, and there is no method in the
    FormsAuthentication class to do that.

    Is the source code for FormsAuthentication class available ?
    Any workaround without postbacking ?

    Thanks.
    ___________________
    http://www.softlion.com/
    Web tools and games
     
    Softlion, Feb 9, 2008
    #1
    1. Advertising

  2. Context.User gets populated after the postback by the formsauthentication
    module. If you don't need a postback -set Context.User yourself.

    Source code is available. As all the ASP.NET code is. Just google.

    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > Hi,
    > I'm using form authentication in a user control with fires an
    > onSignedOn
    > event to registered page controls,
    > so there is no need to postback a second time to reflect changes.
    > It seems the Context.User.Identity stays a GenericIdentity object even
    > after calling FormsAuthentication.SetAuthCookie, and there is no
    > method in the FormsAuthentication class to do that.
    >
    > Is the source code for FormsAuthentication class available ? Any
    > workaround without postbacking ?
    >
    > Thanks.
    > ___________________
    > http://www.softlion.com/
    > Web tools and games
     
    Dominick Baier, Feb 9, 2008
    #2
    1. Advertising

  3. Softlion

    Softlion Guest

    From FormsAuthenticationModule.cs source code line 140 :

    ////////////////////////////////////////////////////////////
    // Step 6: Create a user object for the ticket
    e.Context.SetPrincipalNoDemand(new GenericPrincipal(new
    FormsIdentity(ticket2), new String[0]));


    SetPrincipalNoDemand is a non public function,
    and Context.User is read only ....

    Any other idea ?

    --
    ____________________
    http://www.softlion.com/
    Web tools and games

    "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> a écrit dans
    le message de news: ...
    > Context.User gets populated after the postback by the formsauthentication
    > module. If you don't need a postback -set Context.User yourself.
    >
    > Source code is available. As all the ASP.NET code is. Just google.
    >
    > -----
    > Dominick Baier (http://www.leastprivilege.com)
    >
    > Developing More Secure Microsoft ASP.NET 2.0 Applications
    > (http://www.microsoft.com/mspress/books/9989.asp)
    >
    >> Hi,
    >> I'm using form authentication in a user control with fires an
    >> onSignedOn
    >> event to registered page controls,
    >> so there is no need to postback a second time to reflect changes.
    >> It seems the Context.User.Identity stays a GenericIdentity object even
    >> after calling FormsAuthentication.SetAuthCookie, and there is no
    >> method in the FormsAuthentication class to do that.
    >>
    >> Is the source code for FormsAuthentication class available ? Any
    >> workaround without postbacking ?
    >>
    >> Thanks.
    >> ___________________
    >> http://www.softlion.com/
    >> Web tools and games

    >
    >
     
    Softlion, Feb 9, 2008
    #3
  4. Softlion

    Softlion Guest

    Maybe not in fact. There is a public set which calls SetPrincipalNoDemand.

    So :
    Context.User = new GenericPrincipal(new FormsIdentity(ticket2), new
    String[0]);
    should be sufficient ?


    (from HttpContext.cs):

    public IPrincipal User {
    get { return _user; }
    [SecurityPermission(SecurityAction.Demand, ControlPrincipal=true)]
    set {
    SetPrincipalNoDemand(value);
    }

    --
    ____________________
    http://www.softlion.com/
    Web tools and games

    "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> a écrit dans
    le message de news: ...
    > Context.User gets populated after the postback by the formsauthentication
    > module. If you don't need a postback -set Context.User yourself.
    >
    > Source code is available. As all the ASP.NET code is. Just google.
    >
    > -----
    > Dominick Baier (http://www.leastprivilege.com)
    >
    > Developing More Secure Microsoft ASP.NET 2.0 Applications
    > (http://www.microsoft.com/mspress/books/9989.asp)
    >
    >> Hi,
    >> I'm using form authentication in a user control with fires an
    >> onSignedOn
    >> event to registered page controls,
    >> so there is no need to postback a second time to reflect changes.
    >> It seems the Context.User.Identity stays a GenericIdentity object even
    >> after calling FormsAuthentication.SetAuthCookie, and there is no
    >> method in the FormsAuthentication class to do that.
    >>
    >> Is the source code for FormsAuthentication class available ? Any
    >> workaround without postbacking ?
    >>
    >> Thanks.
    >> ___________________
    >> http://www.softlion.com/
    >> Web tools and games

    >
    >
     
    Softlion, Feb 9, 2008
    #4
  5. Softlion

    Softlion Guest

    Softlion, Feb 9, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Psych971
    Replies:
    5
    Views:
    4,659
    bruce barker
    Dec 17, 2004
  2. Evan M.
    Replies:
    1
    Views:
    1,230
    Evan M.
    Apr 18, 2007
  3. Fabio Mastria
    Replies:
    5
    Views:
    4,411
    TechMCAD13
    Jan 30, 2008
  4. Greg Ercolano
    Replies:
    5
    Views:
    316
    Greg Ercolano
    Mar 6, 2006
  5. Ilya Zakharevich

    destroying IO::Handle without close()ing the file

    Ilya Zakharevich, Oct 6, 2010, in forum: Perl Misc
    Replies:
    1
    Views:
    117
    Ilya Zakharevich
    Oct 7, 2010
Loading...

Share This Page