473,394 Members | 1,769 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > custom principal

Join Bytes to post your question to a community of 473,394 software developers and data experts.

Custom Principal

For some odd reason, despite the fact that I assign my own custom IPrincipal
to the HttpContext.User property in an HttpApplication.AuthenticateRequest

event handler inside of an IHttpModule, when I check the Page.User property,
it's a WindowsPrincipal and not _my_ custom Iprincipal. Why would this be?

....

using System;

using System.Web;

using System.Security.Principal;

namespace ImpersonationSample

{

/// <summary>

/// Summary description for AuthenticationModule.

/// </summary>

public class AuthenticationModule : IHttpModule

{

private IPrincipal contextUser;

public AuthenticationModule()

{

//

// TODO: Add constructor logic here

//

}

#region IHttpModule Members

public void Init(HttpApplication context)

{

context.AuthenticateRequest +=

new

EventHandler(context_AuthenticateRequest);

}

public void Dispose()

{

// TODO: Add AuthenticationModule.Dispose implementation

}

#endregion

private void context_AuthenticateRequest(object sender, EventArgs e)

{

HttpApplication application = (HttpApplication)sender;

HttpContext context = application.Context;

HttpRequest request = context.Request;

HttpResponse response = context.Response;

contextUser = context.User;

if(request.IsAuthenticated)

{

/**

* If the calling user is authenticated via NTLM by

* IIS, then we can derive Windows user info.

**/

// create our own custom User object

CustomUser user = new CustomUser(contextUser.Identity.Name);

// assign _our_ IPrincipal to the current request.

contextUser = new CustomPrincipal(contextUser.Identity, user);;

}

}

}

}

using System;

using System.Security.Principal;

namespace ImpersonationSample

{

/// <summary>

/// Summary description for CustomPrincipal.

/// </summary>

public class CustomPrincipal : IPrincipal

{

private IIdentity identity;

private CustomUser user;

public CustomPrincipal(IIdentity identity, CustomUser user)

{

this.identity = identity;

this.user = user;

}

public IIdentity Identity

{

get{ return identity; }

}

public string Username

{

get{ return user.Username; }

}

public bool IsInRole(string role)

{

return true;

}

}

}

using System;

namespace ImpersonationSample

{

/// <summary>

/// Summary description for CustomUser.

/// </summary>

public class CustomUser

{

private string name;

public CustomUser(string username)

{

this.name = username.Split('\\')[1];

}

public string Username

{

get{ return Username; }

}

}

}

....

private void Page_Load(object sender, System.EventArgs e)

{

if(!IsPostBack)

UsernameLabel.Text = ((CustomPrincipal)HttpContext.Current.User).Userna me;

}

....
--
--

David B. Bitton
da***@codenoevil.com
www.codenoevil.com

Code Made Fresh DailyT
Nov 18 '05 #1
3 7235
Hi David,
Thanks for posting in the community!
From your description, you have a custom Principal class and in the
HttpModule's Application_AuthenticateRequest event, you used it to replace
the original IPrincipal in the HttpContext.Current.User . However, you
found you can't retrieve it back again later, yes?

I've made a smiple Application use "windows" authentication and tried your
code, I made the operations in Global object instead of a HttpModule( I
think they will perform the same). What I found is that there seems to be a
small mistake in the "CustomUser" class, it is focus on the "Username"
property, you code is as below:
public string Username
{
get{ return Username; }
}

that causes the property be recursively called and stack overflow. After I
correct the code and test again, it seems work fine on my side. So would
you please have a further check on it to see whether this cause the
problem? And here is my code used to test:
-----------------in global object-----------------
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;

HttpContext context = application.Context;
HttpRequest request = context.Request;
HttpResponse response = context.Response;
if(request.IsAuthenticated)
{
CustomUser user = new CustomUser(context.User.Identity.Name);
context.User = new CustomPrincipal(context.User.Identity, user);;
}

}
-----------------------------------in page's
page_load-------------------------------
private void Page_Load(object sender, System.EventArgs e)
{
CustomPrincipal cp = (CustomPrincipal)HttpContext.Current.User;

Response.Write("<br>" + HttpContext.Current.User.GetType().ToString() );
Response.Write("<br>" + cp.Username );

}
If you still feel meet the problem or have anything else unclear, please
feel free to post here.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #2
Steven,
I found the same error last night w/ the property accessor in the
CustomUser class. Furthermore, I also moved my code into the Global.asax
file, and yes, it worked. My question is this, why doesn't this work from
within an HttpModule? Is there other intrinsic HttpModules that are called
_after_ mine that essentially reset the IPrincipal?

--
--

David B. Bitton
da***@codenoevil.com
www.codenoevil.com

Code Made Fresh Daily™
"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:zs*************@cpmsftngxa06.phx.gbl...
Hi David,
Thanks for posting in the community!
From your description, you have a custom Principal class and in the
HttpModule's Application_AuthenticateRequest event, you used it to replace
the original IPrincipal in the HttpContext.Current.User . However, you
found you can't retrieve it back again later, yes?

I've made a smiple Application use "windows" authentication and tried your
code, I made the operations in Global object instead of a HttpModule( I
think they will perform the same). What I found is that there seems to be a small mistake in the "CustomUser" class, it is focus on the "Username"
property, you code is as below:
public string Username
{
get{ return Username; }
}

that causes the property be recursively called and stack overflow. After I
correct the code and test again, it seems work fine on my side. So would
you please have a further check on it to see whether this cause the
problem? And here is my code used to test:
-----------------in global object-----------------
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;

HttpContext context = application.Context;
HttpRequest request = context.Request;
HttpResponse response = context.Response;
if(request.IsAuthenticated)
{
CustomUser user = new CustomUser(context.User.Identity.Name);
context.User = new CustomPrincipal(context.User.Identity, user);;
}

}
-----------------------------------in page's
page_load-------------------------------
private void Page_Load(object sender, System.EventArgs e)
{
CustomPrincipal cp = (CustomPrincipal)HttpContext.Current.User;

Response.Write("<br>" + HttpContext.Current.User.GetType().ToString() );
Response.Write("<br>" + cp.Username );

}
If you still feel meet the problem or have anything else unclear, please
feel free to post here.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #3
Hi David,

Thanks for your followup. Regarding on your further description, I've done
a test using the HttpModule on my side. It seems the HttpModule can also
work just as in the Global object. I've also added some break point and
debug , the call sequence is as:
1. Application_BeginRequest in HttpModule
2. Application_AuthenticateRequest in httpModule
3. Application_AuthenticateRequest in Global object

And here is the code I used in my tests:
---------------------httpModule----------------------------
public class SecurityHttpModule : IHttpModule
{

public void Init(HttpApplication application)
{
application.BeginRequest += (new
EventHandler(this.Application_BeginRequest));
application.AuthenticateRequest += new
EventHandler(Application_AuthenticateRequest);
}

private void Application_BeginRequest(Object source, EventArgs e)
{
HttpApplication application = (HttpApplication)source;

HttpContext context = application.Context;

context.Response.Write("<br>This request is begined" +
DateTime.Now.ToLongTimeString());

}

protected void Application_AuthenticateRequest(Object source, EventArgs e)
{
HttpApplication application = (HttpApplication)source;

HttpContext context = application.Context;

HttpRequest request = context.Request;

HttpResponse response = context.Response;

context.User = context.User;

if(request.IsAuthenticated)
{

CustomUser user = new CustomUser(context.User.Identity.Name);

context.User = new CustomPrincipal(context.User.Identity, user);
context.Response.Write("<br>This request is authenticated! in
httpmodule" + DateTime.Now.ToLongTimeString());

}

}

public void Dispose() {}
}

-----------------------test page's page load----------------------
private void Page_Load(object sender, System.EventArgs e)
{
CustomPrincipal cp = (CustomPrincipal)HttpContext.Current.User;

Response.Write("<br>" + HttpContext.Current.User.GetType().ToString() );
Response.Write("<br>" + cp.Username );
}

-------------------------------web.config setting--------------------------
<configuration>
<system.web>
<authentication mode="Windows" />
.............
<httpModules>
<add name="SecurityHttpModule"
type="WebApplication1.SecurityHttpModule,
WebApplication1" />
</httpModules>
</system.web>
</configuration>

==================================

Please check out my test codes to see whether it can provide any clues on
this issue. Also, I think you may add some break points in code to trace
the request. And using some "Response.Write" to append some info such as:
context.Response.Write("<br>This request is authenticated! in httpmodule" +
DateTime.Now.ToLongTimeString());
will also be helpful to troubleshoot.

If you have anything unclear, please feel free to post here.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx


Nov 18 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
Custom Attributes for Classes, Methods, etc
by: Nick | last post by:
My client uses a SQL Database to store their usernames and passwords, and I do not believe they have AD...no big deal... I wrote a class to create a generic identity and generic principal so that...
.NET Framework
2
Custom Role Based Security
by: Boris Condarco | last post by:
Hi gurus, I was reading some documentation about security in .NET Framework, it mention that it is possible to make custom Role Based security for example: check the authentication with Windows...
ASP.NET
1
Custom GenericIdentity class for more userdata
by: Beren | last post by:
Hello With trial and error I'm attempting to create an extended identity to store some more data than just the Name, for example a Subscription and a LastSearchPerformed property... Is this a...
ASP.NET
2
Help: Custom Forms Authentication User Object (iPrincipal?)
by: CodeCowboy | last post by:
I'm sure some of you have done this before and I've been perusing through the forum trying to find some uncomplicated solution. I am trying to extend the existing user.identity object. I would...
ASP.NET
5
Custom authentication in a web application
by: Jon Skeet [C# MVP] | last post by:
I've run against a problem which I'm *sure* must be easy to solve - but I'm blowed if I can find the answer :( I have a web service which I want to require authentication. I need to authenticate...
.NET Framework
0
Copied From webservices ng: WebService w/Custom Principal
by: Mythran | last post by:
We have a class that Implements IPrincipal (System.Security.Principal.IPrincipal). We have a business logic class library assembly that checks the Principal object for role information to see if...
Visual Basic .NET
0
Custom Principal
by: google | last post by:
Hi, I use Custom Principal and it works well on my PC (Localhost). When I deploy it at my hosting service it fails. I print out HttpContext.Current.User.GetType().ToString() On my PC it...
.NET Framework
1
soap authentication and custom method in global.asax
by: Stu | last post by:
Hi, Im using vis studio 2003 and I think wse is out of the question as clients could be using java which doesnt support it. So I managed to find some code which allows you to develop a custom...
.NET Framework
1
Custom login will not work
by: Jakob Lithner | last post by:
When I started a new ASP project I was eager to use the login facilities offered in Framework 2.0/VS 2005. I wanted: - A custom principal that could hold my integer UserID from the database -...
ASP.NET
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!