ASP.NET MVC - Custom IIdentity or IPrincipal with Windows Authentication

I am working on an intranet site with Windows Authentication for logins. However, I want to extend the IPrincipal to have other properties. For instance, I'd like to get the user's FirstName in @User.FirstName or User.AuthorizedActivity("Admin/Permissions/Edit") (would retrieve from db) using activities instead of roles to hide certain links, etc. I am really having a heck of a time figuring this out over the past 2 days and find much information doing this with Windows Authentication.

My CustomPrincipal and BaseViewPage setup:

namespace Intranet_v2.Helpers
    public interface ICustomPrincipal : IPrincipal
        Guid UserGuid { get; set; }
        string FirstName { get; set; }
        string LastName { get; set; }
        string FullName { get; set; }

    public class CustomPrincipal : ICustomPrincipal
        public IIdentity Identity { get; private set; }
        public bool IsInRole(string role) { return false; }

        public CustomPrincipal(string identity)
            this.Identity = new GenericIdentity(identity);

        public Guid UserGuid { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string FullName { get; set; }

    public class CustomPrincipalSerializeModel
        public Guid UserGuid { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string FullName { get; set; }

    public class BaseController : Controller
        protected virtual new CustomPrincipal User
            get { return HttpContext.User as CustomPrincipal; }

    public abstract class BaseViewPage : WebViewPage
        public virtual new CustomPrincipal User
            get { return base.User as CustomPrincipal; }

    public abstract class BaseViewPage<TModel> : WebViewPage<TModel>
        public virtual new CustomPrincipal User
            get { return base.User as CustomPrincipal; }

Views Web.Config BaseViewPage:

<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<pages pageBaseType="Intranet_v2.Helpers.BaseViewPage">
    <add namespace="System.Web.Mvc" />
    <add namespace="System.Web.Mvc.Ajax" />
    <add namespace="System.Web.Mvc.Html" />
    <add namespace="System.Web.Optimization"/>
    <add namespace="System.Web.Routing" />
    <add namespace="Intranet_v2" />

I think my main problem is I have no idea what to do in the protected void Application_PostAuthenticateRequest(object sender, EventArgs args) for my Global.asax.cs file. I have a poor attempt at setting it up here:

protected void Application_PostAuthenticateRequest(object sender, EventArgs args)
    //var application = (HttpApplication)sender;
    var context = application.Context;

    if (context.User != null || !context.User.Identity.IsAuthenticated) return;

    var formsIdentity = (FormsIdentity)context.User.Identity;

    if (formsIdentity == null) return;

    var ticket = formsIdentity.Ticket;

    JavaScriptSerializer serializer = new JavaScriptSerializer();

    CustomPrincipalSerializeModel serializeModel = serializer.Deserialize<CustomPrincipalSerializeModel>(ticket.UserData);

    CustomPrincipal newUser = new CustomPrincipal(ticket.Name);
    newUser.UserGuid = serializeModel.UserGuid;
    newUser.FirstName = serializeModel.FirstName;
    newUser.LastName = serializeModel.LastName;
    newUser.FullName = serializeModel.FullName;

    var values = ticket.UserData.Split('|');

    var roles = values[1].Split(',');

    context.User = new GenericPrincipal(new GenericIdentity(ticket.Name, "Forms"), roles);

Now I'm at the point where @User.Name is now null. I'm in way over my head on this. Any help is appreciated. My protected void Application_PostAuthenticateRequest(object sender, EventArgs args) is completely out of wack.

All I want to do is rely on Windows Authentication to do what it does normally and add a few extra properties to the HttpContext.Current.User. Any help is appreciated... I can't be the only one trying to do this.


  • What I normally do is just request the additional user information later. For instance, using an Extension method like:

    public static class PrincipalExtensions
       private static void Initialize(string userName)
          var userRecord = //Get user information from DB;
          var session = HttpContext.Current.Session;
          if (session != null)
             session.Add("UserID", userRecord.ID);
             session.Add("UserEmail", userRecord.Email);
             //And so on
       public static long? GetUserID(this IPrincipal user)
          var id = HttpContext.Current.Session["UserID"] as long?;
          if (id == null)
          return (long)HttpContext.Current.Session["UserID"];

    This is roughly what I implement in some of my projects; rather than tapping into the login process and store it in the cookie, the system can lazy load the information and cache in session when the information is needed.