Hello Michael,
Not sure why that link didn't work for you. I post the infomation from
that thread here, you may take a look to see if it will help:
Stephen Walch :
I am implementing an ASP.NET server (similar to Cassini) and am trying
to think through how I would go about adding my own authentication to
(based on information I am able to extract from the raw HTTP request).
It looks like my ultimate goal is to set HTTPContext.Principal with a
principal that contains the appropriate identity, roles, etc.
So if I have created an HttpWorkerRequest and am about to call
HttpRuntime.ProcessRequest, what else do I need to do? I see that the
HTTPContext takes HttpWorkerRequest in its constructor, so I deduce
that the Principal is somehow created from the HttpWorkerRequest, but
I can't figure out how.
Any guidelines would be much appreciated. Thanks!
Mike Moore [MSFT] :
Hi,
With off-line communication, we found this solution for Steve:
1)
Dim g As New System.Security.Principal.Gene-ricIdentity(...)
HttpContext.Current.User = g
2) Place the above in an HTTPModule so that it affects the entire
application. For information on writing modules: 308000 HOW TO: Create
an ASP.NET HTTP Module Using Visual Basic .NET
http://support.microsoft.com/?id=308000
Thank you, Mike Moore Microsoft, ASP.NET
This posting is provided "AS IS", with no warranties, and confers no
rights.
Frank :
Hallo,
why is the call(different Principals)
System.Threading.Thread.Curren-tPrincipal
different from the call Context.User
I would like to use PrincipalPermission and User.IsinRole in a normal
WebService Method. For that reason i have to set the
Thread.CurrentPrincipal, but the User has another Principal, so i have
set the user Context.User with the new GenericUser, too. Why?
Frank
"Bassel Tabbara [MSFT]" :
Hello Frank, You need to create a HTTPModule that will handle the
authentication there. HTTP modules and HTTP handlers are an integral
part of the ASP.NET architecture. While a request is being processed,
each request is processed by multiple HTTP modules (for example, the
authentication module and the session module) and is then processed by
a single HTTP handler. After the handler has processed the request,
the request flows back through the HTTP modules.
Modules are called before and after the handler executes. Modules
enable developers to intercept, participate in, or modify each
individual request. Modules implement the IHttpModule interface, which
is located in the System.Web namespace. An HttpApplication class
provides a number of events with which modules can synchronize. The
following events are available for modules to synchronize with on each
request. These events are listed in sequential order:
- BeginRequest. - AuthenticateRequest - AuthorizeRequest -
ResolveRequestCache - AcquireRequestState - PreRequestHandlerExecute -
PostRequestHandlerExecute - ReleaseRequestState - UpdateRequestCache -
EndRequest
The following events are available for modules to synchronize with for
each request transmission. The order of these events is
non-deterministic.
- PreSendRequestHeaders - PreSendRequestContent - Error
For more information refer to the following Kb articles:
307996 HOW TO: Create an ASP.NET HTTP Module Using Visual C# .NET
http://support.microsoft.com/?id=307996
308000 HOW TO: Create an ASP.NET HTTP Module Using Visual Basic .NET
http://support.microsoft.com/?id=308000
Thanks, Bassel Tabbara Microsoft, ASP.NET
This posting is provided "AS IS", with no warranties, and confers no
rights.
"Bassel Tabbara [MSFT]" :
Hello Frank, I am sorry for the last post. I am including below the
right answer:
Basically, Context.User is what ASP.Net uses. The HttpContext.User
property provides programmatic access to the properties and methods of
the IPrincipal interface. Because ASP.NET pages contain a default
reference to the System.Web namespace (which contains the HttpContext
class), you can reference the members of HttpContext on an .aspx page
without the fully qualified class reference to HttpContext. For
example, you can use just User.Identity.Name to get the name of the
user on whose behalf the current process is running. It will return
the authenticated user.
System.Threading.Thread.Curren-tPrincipal is used as a local storage
of the thread. It Gets or sets the thread's current principal (for
role-based security). Without impersonation, this identity will be
empty. Only in ASP.Net, it will be equal to Context.User. In normal
windows apps this will return null value. You have to set it in your
application, for example in a thread pool you will set the
currentPrincipal to an identity for a particular thread.
I hope this helps.
Thanks, Bassel Tabbara Microsoft, ASP.NET
This posting is provided "AS IS", with no warranties, and confers no
rights.