Custom IIdentity w/ FormsAuthentication

G

Guest

Hi all,

I created a custom IIdentity class to store additional properties for a
logged in user.

The only way I've been able to assign a custom IIdentity when using
FormsAuthentication is to swap it in the Begin_AuthenticateRequest event in
the global.asax.

Is it safe to susbstitute a custom IIdentity in place of the "standard"
FormsIdentity?

Does anyone know if this will create any security problems?

I've swapped my custom IIdentity into a GenericPrincipal and it seems to
work ok...
 
G

Guest

(e-mail address removed) wrote in @g44g2000cwa.googlegroups.com:
Are you saying that:
// Attach the new principal object to the current HttpContext object
Context.User = principal;


fails, unless you have it in
Begin_AuthenticateRequest ?
Click to expand...

I've attached a custom principal AND custom identity within the
Application_AuthenticateRequest event handler ... and it seems to be
working OK???

So what I'm worried out:

I am no longer using the FormsIdentity Object - yet forms authentication
works OK. Have I created any security holes?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Custom IIdentity object casting 0
Extending IIdentity help 2
Form authentication & Custom Principal implementation 2
PrincipalPermissionAttribute and custom IPrincipal 6
Custom Authentication Provider 0
Override User.Identity.Name or Custom IIdentity 1
Custom IIdentity class - how to set it? 6
Custom Membership without using built-in provider model 6

Members online

No members online now.
Total: 42 (members: 2, guests: 40)
Robots: 250

Forum statistics

Threads
473,997
Messages
2,570,240
Members
46,830
Latest member
HeleneMull

Latest Threads

Top