creating custom HttpContext.Current.User.Identity - ASP.NET Security

  1. #1

    creating custom HttpContext.Current.User.Identity

    I've started getting into using forms authentication for ASP.NET apps
    with C#. From what I understand so far (limited) I like the way
    things work! I've got an application working right now where an email
    address and password is checked from a database and I can check the
    authenticated user's email address with
    HttpContext.Current.User.Identity.Name. This all works fine!

    I want to be able to do:
    HttpContext.Current.User.(customIdentity?).EmailAddress
    HttpContext.Current.User.(customIdentity?).UserID
    HttpContext.Current.User.(customIdentity?).NickName

    I'm just a bit confused about what I have to do after reading many
    different posts and articles about this. It seems to me like I should
    only have to create a custom class that extends IIdentity, but then to
    use that don't I have to create a custom class that extends IPrincipal
    also? And then it also seems I need a custom
    FormsAuthenticationTicket class also???

    I'm just looking for the simplest way to do this. Which classes do I
    have to create custom for this action?

    Thanks for your time!
    dSchwartz Guest

  2. #2

    Re: creating custom HttpContext.Current.User.Identity

    I think you can use the same IPrincipal that Forms auth uses, but if for
    some reason you can't, you can easily use the GenericPrincipal class with
    your custom IIdentity implementation. Its constructor takes any type
    implementing IIdentity.

    It is also totally reasonable to derive from GenericPrincipal or
    GenericIdentity (or most of the framework IIdentity or IPrincipal
    implementations for that matter) if you want.

    Joe K.

    Joe Kaplan (MVP - ADSI) Guest

  3. #3

    Re: creating custom HttpContext.Current.User.Identity

    I've never used a custom Identity w/o a custom principal also but I would
    think you could just assign the customIdentity to the current principal's
    identity in the global AuthenticateRequest event and then just access
    anywhere you'd like after that?

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        customIdentity ci;

        if (Request.IsAuthenticated == true)
        {
            // load up the custom identity info based on the default
            // username found in name usually
            // or based on a client cookie with the user id or something
            ci = new customIdentity(HttpContext.Current.User.Identity.Name);

            // Assign the current identity to the newly loaded customIdentity
            HttpContext.Current.User.Identity = ci;

            // or alternatively (which I think is the same thing as above)
            System.Threading.Thread.CurrentPrincipal.Identity = ci;
        }
    }

    Now whenever you wanted to get at info in your custom identity you'd just
    need to do something like this:

    ((customIdentity)HttpContext.Current.User.Identity).NickName
    or
    ((customIdentity)HttpContext.Current.User.Identity).EmailAddress

    Forgive my poor C# skills, I'm a VB programmer making the transition to C#
    :).

    Although I've never done a custom identity w/o doing a custom principal I
    can't see why this wouldn't work.

    Josh

    Josh Guest

  4. #4

    Re: creating custom HttpContext.Current.User.Identity

    This might be a good scenario to use the Authorization & Profiling
    Application Block
    (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/authpro.asp)
    Here you have the concept of an Extended Principal and this enables you to
    build your custom Profile Provider (as well as an Authorization Provider) with
    all the attributes you might need.

    HernanDL.

    Hernan de Lahitte Guest

  5. #5

    Re: creating custom HttpContext.Current.User.Identity

    Agreed. It is a nice addition to the Application Blocks collection and uses
    good patterns.

    Joe K.

    Joe Kaplan (MVP - ADSI) Guest

  6. #6

    Re: creating custom HttpContext.Current.User.Identity

    "Josh" <jcarlislenospam-removeme.viewfusion.com> wrote in message news:<Ov0q8tq9DHA.1936TK2MSFTNGP12.phx.gbl>...
    > I've never used a custom Identity w/o a custom principal also but I would
    > think you could just assign the customidentity to the current principals
    > identity in the global AuthenticateRequest event and then just access
    > anywhere you'd like after that?

    I'm very close to making this work. Here's what I've got:


    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = Context.Request.Cookies[cookieName];
        if (null == authCookie)
        {
            // There is no authentication cookie.
            return;
        }

        FormsAuthenticationTicket authTicket = null;
        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception ex)
        {
            // Log exception details (omitted)
            Response.Write("execption:" + ex);
            return;
        }

        if (null == authTicket)
        {
            // cookie failed to decrypt
            return;
        }

        // Roles are stored pipe-separated in the ticket's UserData field
        string[] roles = authTicket.UserData.Split(new char[] {'|'});

        inetIdentity i1;
        i1 = new inetIdentity(HttpContext.Current.User.Identity.Name);

        GenericPrincipal principal = new GenericPrincipal(i1, roles);

        Context.User = principal;
    }

    My inetIdentity which extends IIdentity has just the 2 added
    properties Userid and EmailAddress. Its constructor looks up the
    Nickname and userID from the db based on the emailaddress and assigns
    those values. That all works good!

    To get these new values I do:
    ((inetIdentity)HttpContext.Current.User.Identity).EmailAddress
    which works good when I've got an authenticated user. When there is
    no authenticated user I get "System.InvalidCastException: Specified
    cast is not valid."

    I assume I'm just a little bit off here but not exactly sure where.
    Someone please point me in the right direction here. Thanks!
    dSchwartz Guest

  7. #7

    Re: creating custom HttpContext.Current.User.Identity

    Hi,
    > ((inetIdentity)HttpContext.Current.User.Identity).EmailAddress
    At this point you don't have the cookie with you,
    so I think you should add

    if (Request.IsAuthenticated)
    {
        ((inetIdentity)HttpContext.Current.User.Identity).EmailAddress
    }



    --
    Thanks and Regards,

    Amit Agarwal
    Software Programmer(.NET)


    .NET Follower Guest
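
The pattern the thread arrives at (a custom IIdentity wrapped in GenericPrincipal, read back with a guard so anonymous requests do not throw InvalidCastException), as an added example that is not code from any poster. InetIdentity, the in-memory Users table and the helper names are assumptions, and System.Web is left out so it runs as a console program.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Stand-in for the thread's inetIdentity: an IIdentity with extra profile fields.
public sealed class InetIdentity : IIdentity
{
    public InetIdentity(string email, int userId, string nickName)
    {
        EmailAddress = email;
        UserId = userId;
        NickName = nickName;
    }

    public string EmailAddress { get; }
    public int UserId { get; }
    public string NickName { get; }

    // IIdentity members. Name stays the login name (the e-mail address in the thread).
    public string Name => EmailAddress;
    public string AuthenticationType => "Forms";
    public bool IsAuthenticated => true;
}

public static class Demo
{
    // Constructed sample data standing in for the database lookup.
    static readonly Dictionary<string, (int Id, string Nick)> Users =
        new Dictionary<string, (int Id, string Nick)>(StringComparer.OrdinalIgnoreCase)
        {
            ["alice@example.test"] = (42, "ali"),
        };

    // What AuthenticateRequest would do once the ticket has been decrypted and validated:
    // key the lookup on the name from the ticket, never on other client-supplied fields.
    public static IPrincipal BuildPrincipal(string ticketName, string userData)
    {
        if (!Users.TryGetValue(ticketName, out var row))
            return Anonymous();   // unknown or deleted account: treat as anonymous
        string[] roles = userData.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        return new GenericPrincipal(new InetIdentity(ticketName, row.Id, row.Nick), roles);
    }

    // An empty-named GenericIdentity reports IsAuthenticated == false.
    public static IPrincipal Anonymous() =>
        new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);

    // Safe accessor: 'as' yields null instead of throwing InvalidCastException
    // when the request carries a framework identity rather than InetIdentity.
    public static InetIdentity GetInetIdentity(IPrincipal user)
    {
        var id = user?.Identity as InetIdentity;
        return (id != null && id.IsAuthenticated) ? id : null;
    }

    public static void Main()
    {
        foreach (var user in new[] { BuildPrincipal("alice@example.test", "admin|editor"), Anonymous() })
        {
            InetIdentity id = GetInetIdentity(user);
            Console.WriteLine(id == null
                ? "anonymous request: no profile data"
                : $"{id.NickName} (#{id.UserId}) admin={user.IsInRole("admin")}");
        }
    }
}
```

In the ASP.NET handler from post #6, the result of BuildPrincipal would be assigned to Context.User, and page code would call GetInetIdentity(Context.User) and handle the null case.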
