Custom Windows Authentication Principal?

[Eric Wise]

Ok here's the situation, I have several intranet applications at this
company that use windows authentication.

Now when people open the application I can use the user.identity.name to
grab their username. I then use this to query a database that has security
settings for the applications.

What I would like to do is have my own custom user token that I could add
additional fields to (like user.identity.userid, user.identity.departmentid,
user.identity.emailaddress) so I wouldn't have to query the database every
time I want to view them and I don't have to worry about managing session
variables.

Now I've written some code I think will work, but the problem is I can't
figure out how to access the custom information once someone logs in. If
someone could review the code and help me with the last step (or inform me
that I'm barking up the wrong tree) I'd really appreciate it.

Here's the class I created:

Imports System.Security.Principal

Public Class BenetUser

Implements IPrincipal

Private m_Roles() As String

Private m_Id As MyIdentity

Private m_CCID As Integer

Private m_Email As String

Private m_UserName As String

Public Overridable Overloads Function IsInRole(ByVal role As String) As
Boolean Implements IPrincipal.IsInRole

Dim r As String

For Each r In m_Roles

If String.Compare(role, r, True) = 0 Then

Return True

End If

Next

Return False

End Function

Public Overridable Overloads ReadOnly Property Identity() As IIdentity
Implements IPrincipal.Identity

Get

Return m_Id

End Get

End Property

Public ReadOnly Property UserName() As String

Get

Return m_UserName

End Get

End Property

Public ReadOnly Property Id() As Integer

Get

Return m_Id.Id

End Get

End Property

Public ReadOnly Property CCID() As Integer

Get

Return m_CCID

End Get

End Property

Public ReadOnly Property Email() As String

Get

Return m_Email

End Get

End Property

Public Sub New(ByVal roles() As String, ByVal intId As Integer, ByVal
intCCID As Integer, ByVal strEmail As String, ByVal strUserName As String)

m_Roles = roles

m_Id = New MyIdentity(intId)

m_CCID = intCCID

m_Email = strEmail

m_UserName = strUserName

End Sub

Private Class MyIdentity

Implements IIdentity

Private m_Id As Integer

Public Overridable Overloads ReadOnly Property IsAuthenticated() As
Boolean Implements IIdentity.IsAuthenticated

Get

Return True

End Get

End Property

Public Overridable Overloads ReadOnly Property Name() As String
Implements IIdentity.Name

Get

Return m_Id.ToString()

End Get

End Property

Public Overridable Overloads ReadOnly Property AuthenticationType()
As String Implements IIdentity.AuthenticationType

Get

Return "Windows"

End Get

End Property

Friend ReadOnly Property Id() As Integer

Get

Return m_Id

End Get

End Property

Public Sub New(ByVal id As Integer)

m_Id = id

End Sub

End Class

End Class



Then in my global.asax file I put the following code:

Public Sub WindowsAuthentication_OnAuthenticate(ByVal sender As Object,
ByVal e As System.Web.Security.WindowsAuthenticationEventArgs)

If e.Identity.IsAuthenticated Then

Dim id As System.Security.Principal.WindowsIdentity = e.Identity

Dim userName As String = id.Name

Dim myUser As New BPWUser(Replace(userName, "OSTNET1\", ""))

Dim allRoles As String = myUser.Roles

Dim roles() As String = Split(allRoles, "|")

e.User = New BenetUser(roles, myUser.ResourceID,
myUser.CostCenterID, myUser.EmailName, myUser.UserName)

End If

End Sub

 

[Joe Kaplan \(MVP - ADSI\)]

Did you consider inheriting from WindowsIdentity (or WindowPrincipal) to add
your custom functionality instead of reimplementing? Getting all the
WindowsIdentity token-based stuff correct seems like it would be quite a
pain. A lot of that is written in C++ instead of C# in the MS
implementation.

I've sub-classed WindowsPrincipal before and added a whole bunch of
additional properties and it worked well for me.

Joe K.