Losing custom identity

Discussion in 'ASP .Net Security' started by martymcdonald@comcast.net, Jul 29, 2005.

  1. Guest

    For authentication we are using an external DB. I can use Forms
    authentication and use the loginUrl="MyLoginForm.aspx" just fine. But
    for authorization, we cannot use a static list of roles for people,
    their authorization depends on factors which change as they use the
    system.

    We must determine roles on every page hit, using information in our
    custom identity, which is changed as user uses system. I examine
    custom identity, determine roles, create principal accordingly, then
    attach it to HttpContext.Current.User. But after redirecting to
    another page, the HttpContext.Current.User identity reverts back to a
    "Windows" identity and also the principal's information is gone too
    (reverts to generic principal without my role info).

    How does one modify the HttpContext.Current.User and have it persist
    between redirects? Thanks!
     
    , Jul 29, 2005
    #1
    1. Advertising

  2. Guest

    This is no longer an issue. I've decided to handle the matter
    differently. Thanks!
     
    , Jul 30, 2005
    #2
    1. Advertising

  3. Hello ,

    normally - the place to attach roles to a Principal and replace Context.User
    is in the Authenticate_Request event (in Global.asax or a HttpModule).

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > For authentication we are using an external DB. I can use Forms
    > authentication and use the loginUrl="MyLoginForm.aspx" just fine. But
    > for authorization, we cannot use a static list of roles for people,
    > their authorization depends on factors which change as they use the
    > system.
    >
    > We must determine roles on every page hit, using information in our
    > custom identity, which is changed as user uses system. I examine
    > custom identity, determine roles, create principal accordingly, then
    > attach it to HttpContext.Current.User. But after redirecting to
    > another page, the HttpContext.Current.User identity reverts back to a
    > "Windows" identity and also the principal's information is gone too
    > (reverts to generic principal without my role info).
    >
    > How does one modify the HttpContext.Current.User and have it persist
    > between redirects? Thanks!
    >
     
    Dominick Baier [DevelopMentor], Jul 30, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Giovanni Bassi
    Replies:
    0
    Views:
    673
    Giovanni Bassi
    Oct 20, 2003
  2. nalbayo
    Replies:
    2
    Views:
    5,593
    Bruce Barker
    Nov 11, 2005
  3. Samuel Shulman

    Losing the User.Identity.Name

    Samuel Shulman, Nov 28, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    442
    Samuel Shulman
    Nov 29, 2006
  4. JimLad
    Replies:
    0
    Views:
    468
    JimLad
    Jan 16, 2009
  5. Jason C
    Replies:
    4
    Views:
    705
    Morty Abzug
    Jun 26, 2012
Loading...

Share This Page