.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
Extend context.user.identity
Messages   Related Types
This message was discovered on ASPFriends.com 'aspngsec' list.


Sven Huijbrechts
Hi All,

Is it possible to easily extend context.user.identity?
I'm doing a forms authentication against a sql database, I return some extra
data like clientID,FirstName,CompanyName,...
I would like to make these available through my application using ex:
context.user.identity.ClientID
context.user.identity.FirstName
context.user.identity.CompanyName
...

Is this possible or is there another (and better) solution to do this?

Greetings,
Sven.
Reply to this message...
 
    
Alex Dresko
Haha! I was just about to ask the same question. In addition to this,
however, would it be possible to serialize the extended identity?

Alex Dresko
Three Point Oh!

-----Original Message-----
From: Sven Huijbrechts [mailto:Click here to reveal e-mail address]
Sent: Monday, June 24, 2002 11:08 AM
To: aspngsec
Subject: [aspngsec] Extend context.user.identity

Hi All,

Is it possible to easily extend context.user.identity?
I'm doing a forms authentication against a sql database, I return some
extra
data like clientID,FirstName,CompanyName,...
I would like to make these available through my application using ex:
context.user.identity.ClientID
context.user.identity.FirstName
context.user.identity.CompanyName
...

Is this possible or is there another (and better) solution to do this?

Greetings,
Sven.

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
    
Remas Wojciechowski
Sven,

you can create our own class that subclasses the GenericPrincipal (or the
GenericIdentity) class and extends it (in your case with 3 properties).
Having done that, you can replace the default principal in Context.User (or
Context.User.Identity) with your custom class. A good place to do that is
global.asax. If memory serves me well, the ibuyspy portal application
follows that approach.
Once you have that part up an running, the only thing you have to keep in
mind is that you need to case Context.User(.Identity) to your custom type
whenever you want to access your properties.

hth,
Remas
http://www.aspalliance.com/remas

----- Original Message -----
From: "Sven Huijbrechts" <Click here to reveal e-mail address>
To: "aspngsec" <Click here to reveal e-mail address>
Sent: Monday, June 24, 2002 5:07 PM
Subject: [aspngsec] Extend context.user.identity

[Original message clipped]
Reply to this message...
 
    
Daniel Kent
It is actually much easier to extend the IPrincipal object (Context.User)
than the IIdentity object (Context.User.Identity).

The reason for this is that the built in authentication modules use their
own implementations of IIdentity (WindowsIdentity, PassportIdentity and
FormsIdentity), which are not inheritable.

Only Windows authentication uses an IPrincipal rather than GenericPrincipal.
It uses WindowsPrincipal, which is in any case inheritable and therefore
extendable.

What you need to do to use a custom IPrincipal object is:

* Create an implementation of IPrincipal, either with a new class that
implements the interface or by subclassing an existing implementation

* Add code that handles either the Authenticate event of the authentication
module you are using or the AuthenticateRequest event of the HttpApplication
(The Application_AuthenticateRequest event in global.asax). This code needs
to create your custom IPrincipal and attach it to Context.User

You might also want to look into using the forms authentication ticket to
persist the user information between requests, rather than accessing the
database with every request. In thsi scenario, your authentication event
handling code would extract the information from the ticket and then set up
the custom IPrincipal object.

I hope this helps,

Dan.

(Currently finishing off Professional ASP.NET Security for Wrox)

-----Original Message-----
From: Sven Huijbrechts [mailto:Click here to reveal e-mail address]
Sent: 24 June 2002 16:08
To: aspngsec
Subject: [aspngsec] Extend context.user.identity

Hi All,

Is it possible to easily extend context.user.identity?
I'm doing a forms authentication against a sql database, I return some extra
data like clientID,FirstName,CompanyName,...
I would like to make these available through my application using ex:
context.user.identity.ClientID
context.user.identity.FirstName
context.user.identity.CompanyName
...

Is this possible or is there another (and better) solution to do this?

Greetings,
Sven.

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
    
Sven Huijbrechts
Wouldn't is be better/easier (for me as a relative beginner on ASP.NET) to
create a public accessible class "Customer" and add some properties??

Sven.

(Looking forward to buy the new book :), I hope there's a LOT code in it)

-----Oorspronkelijk bericht-----
Van: Daniel Kent [mailto:Click here to reveal e-mail address]
Verzonden: maandag 24 juni 2002 19:03
Aan: aspngsec
Onderwerp: [aspngsec] RE: Extend context.user.identity

It is actually much easier to extend the IPrincipal object (Context.User)
than the IIdentity object (Context.User.Identity).

The reason for this is that the built in authentication modules use their
own implementations of IIdentity (WindowsIdentity, PassportIdentity and
FormsIdentity), which are not inheritable.

Only Windows authentication uses an IPrincipal rather than GenericPrincipal.
It uses WindowsPrincipal, which is in any case inheritable and therefore
extendable.

What you need to do to use a custom IPrincipal object is:

* Create an implementation of IPrincipal, either with a new class that
implements the interface or by subclassing an existing implementation

* Add code that handles either the Authenticate event of the authentication
module you are using or the AuthenticateRequest event of the HttpApplication
(The Application_AuthenticateRequest event in global.asax). This code needs
to create your custom IPrincipal and attach it to Context.User

You might also want to look into using the forms authentication ticket to
persist the user information between requests, rather than accessing the
database with every request. In thsi scenario, your authentication event
handling code would extract the information from the ticket and then set up
the custom IPrincipal object.

I hope this helps,

Dan.

(Currently finishing off Professional ASP.NET Security for Wrox)

-----Original Message-----
From: Sven Huijbrechts [mailto:Click here to reveal e-mail address]
Sent: 24 June 2002 16:08
To: aspngsec
Subject: [aspngsec] Extend context.user.identity

Hi All,

Is it possible to easily extend context.user.identity?
I'm doing a forms authentication against a sql database, I return some extra
data like clientID,FirstName,CompanyName,...
I would like to make these available through my application using ex:
context.user.identity.ClientID
context.user.identity.FirstName
context.user.identity.CompanyName
...

Is this possible or is there another (and better) solution to do this?

Greetings,
Sven.

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
    
Daniel Kent
The advantage to customizing the IPrincipal in Context.User is that it is
accessible throughout the code that services the users request - code in
pages, server controls, user controls and so on can all access the
HttpContext and thus the User property.

Even if you are new to ASP.NET, it is worth learning how to implement
interfaces and derive from existing classes. These two techniques are key in
unlocking a lot of the power of ASP.NET (and .NET in general).

Interfaces are important because they allow us to create classes that
ASP.NET will be able to communicate with. Here we are looking at the
IPrinciple interface, which defines the lowest level of functionality that
the Context.User object should have. Implementing the interface allows us to
replace the GenericPrincipal in Context.User with our own implementation,
which can carry extra information or provide extra functionality.

Interfaces are are important for a whole host of other tasks, including
building Http Modules or Http Handlers (Both very useful for solving certain
types of problem)

Deriving from existing classes is a very important technique to learn. By
doing this, we can inherit the functionality of an existing class rather
than starting from scratch. If we find a class in the class library that
does almost what we want, we can derive from it and add the functionality we
require. For example, a wide variety of Controls are provided in the
System.Web.UI.* namespaces. We can derive from these controls, or the
classes they are based on, to create exactly the result we are after without
redoing the work that Microsoft has already done.

Implementing interfaces and deriving from classes are both very easy
techniques - any good ASP.NET book should explain how to do both.

As you can probably tell, I believe strongly in the importance of these
techniques - learning them early can make ASP.NET development an absolute
joy and I recommend that everyone takes the opportunity to try them out.

Dan.

(Currently finishing off Professional ASP.NET Security for Wrox - there is,
indeed, a lot of code in it)

-----Original Message-----
From: Sven Huijbrechts [mailto:Click here to reveal e-mail address]
Sent: 25 June 2002 08:47
To: aspngsec
Subject: [aspngsec] RE: Extend context.user.identity

Wouldn't is be better/easier (for me as a relative beginner on ASP.NET) to
create a public accessible class "Customer" and add some properties??

Sven.

(Looking forward to buy the new book :), I hope there's a LOT code in it)

-----Oorspronkelijk bericht-----
Van: Daniel Kent [mailto:Click here to reveal e-mail address]
Verzonden: maandag 24 juni 2002 19:03
Aan: aspngsec
Onderwerp: [aspngsec] RE: Extend context.user.identity

It is actually much easier to extend the IPrincipal object (Context.User)
than the IIdentity object (Context.User.Identity).

The reason for this is that the built in authentication modules use their
own implementations of IIdentity (WindowsIdentity, PassportIdentity and
FormsIdentity), which are not inheritable.

Only Windows authentication uses an IPrincipal rather than GenericPrincipal.
It uses WindowsPrincipal, which is in any case inheritable and therefore
extendable.

What you need to do to use a custom IPrincipal object is:

* Create an implementation of IPrincipal, either with a new class that
implements the interface or by subclassing an existing implementation

* Add code that handles either the Authenticate event of the authentication
module you are using or the AuthenticateRequest event of the HttpApplication
(The Application_AuthenticateRequest event in global.asax). This code needs
to create your custom IPrincipal and attach it to Context.User

You might also want to look into using the forms authentication ticket to
persist the user information between requests, rather than accessing the
database with every request. In thsi scenario, your authentication event
handling code would extract the information from the ticket and then set up
the custom IPrincipal object.

I hope this helps,

Dan.

(Currently finishing off Professional ASP.NET Security for Wrox)

-----Original Message-----
From: Sven Huijbrechts [mailto:Click here to reveal e-mail address]
Sent: 24 June 2002 16:08
To: aspngsec
Subject: [aspngsec] Extend context.user.identity

Hi All,

Is it possible to easily extend context.user.identity?
I'm doing a forms authentication against a sql database, I return some extra
data like clientID,FirstName,CompanyName,...
I would like to make these available through my application using ex:
context.user.identity.ClientID
context.user.identity.FirstName
context.user.identity.CompanyName
...

Is this possible or is there another (and better) solution to do this?

Greetings,
Sven.

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
 
System.Runtime.Remoting.Contexts.Context
System.Security.Principal.GenericIdentity
System.Security.Principal.GenericPrincipal
System.Security.Principal.IIdentity
System.Security.Principal.IPrincipal
System.Security.Principal.WindowsIdentity
System.Security.Principal.WindowsPrincipal
System.Web.HttpApplication
System.Web.HttpContext
System.Web.Security.FormsIdentity
System.Web.Security.PassportIdentity




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification