Customer IPrincial and IIdentity

[MasterGaurav]

Hi,

I need to push some more information than just username and roles in
the IPrincipal implementation.

For this, I wrote the following code (during authentication):

MyIdentity mi = new MyIdentity(....);
MyPrincipal mp = new MyPrincipal(....);

Context.User = mp;
FormsAuthentication.SetAuthCookie(...);

However, everytime I check for Context.User, I get a
GenericPrincipal. How can I have my own MyPrincipal come into
existence?



CHeers,
Gaurav Vaish
http://mastergaurav.org
http://mastergaurav.blogspot.com
----------------------------

 

[Paul Glavich [MVP ASP.NET]]

You must re-assign your custom principal to the thread identity for each
returning request. Use a cookie to store any specific information, grab that
info from the cookie in the Applicatin_Authenticate event, then generate a
custom principal and assign it to the threads context
(HttpContext.Current.User)

 

[MasterGaurav]

Cookie!
Is there no other way? Putting it in session... would that work fine?


Cheers,
Gaurav Vaish
http://mastergaurav.org
http://mastergaurav.blogspot.com
----------------------------

 

[Brock Allen]

But how are distinct Sessions identified? Yep, with cookies

If you put that info into a cookie then you most certainly should encrypt
and MAC protect it so it can't be viewed or modified by the end user (or
an attacker). Beware, the more security code you write the less secure your
app tends to be.