I've been reading this article:
http://msdn2.microsoft.com/EN-US/library/aa302401.aspx
Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication
(the article is for 1.1)
(I'm using 2.0)
The article is good. Then you get to the part about
:::::::::: :::
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
}
That you have to "hack in" a way to keep your custom IPrincipal alive and
well.
(I discovered this because when I did the following:
CustomPrincipal customPrinc = new CustomPrincipal(ident);
System.Web.HttpContext.Current.User = customPrinc;
then you went to the next page, the System.Web.HttpContext.Current.User was
a GenericPrincipal) and not an instance of CustomPrincipal like I would
expect.
.............
Is there a better way to handle this in 2.0, rather than hacking into the
Application_AuthenticateRequest method?
With the provider model in 2.0 I would expect something (similar) to:
<authentication mode="MyCustomAuthenicator"/>
But no go on that.
There's gotta be a better way in 2.0 ?!?
Thanks!
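
The behaviour described in the post, as an added example that is not part of the original post or the MSDN article: HttpContext.User is rebuilt on every request, so a principal assigned on one page is gone on the next, and Application_AuthenticateRequest is where it gets re-attached. The CustomPrincipal below is an assumed stand-in for the poster's class, and the pipe-delimited role list in the forms ticket's UserData is an assumption about what the login page stored.

```csharp
// Global.asax.cs (added example; C# 2.0 syntax)
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Assumed stand-in for the poster's CustomPrincipal class.
public class CustomPrincipal : IPrincipal
{
    private readonly IIdentity identity;
    private readonly string[] roles;

    public CustomPrincipal(FormsIdentity ident)
    {
        identity = ident;
        // Assumption: the login page stored "role1|role2" in UserData.
        // UserData travels inside the encrypted, MAC-protected ticket,
        // so the client cannot edit the role list.
        roles = ident.Ticket.UserData.Split(
            new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
    }

    public IIdentity Identity { get { return identity; } }

    public bool IsInRole(string role)
    {
        return Array.IndexOf(roles, role) >= 0;
    }
}

public class Global : HttpApplication
{
    // Runs on every request, after FormsAuthenticationModule has
    // validated the cookie and set a GenericPrincipal on the context.
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return; // anonymous request: nothing to rebuild

        FormsIdentity ident = Context.User.Identity as FormsIdentity;
        if (ident == null)
            return; // authenticated by something other than forms auth

        // Swap the GenericPrincipal for the custom one, for this request only.
        Context.User = new CustomPrincipal(ident);
    }
}
```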