
Custom Principal reverting to GenericPrincipal on new requests


I'm trying to implement a custom principal and custom identity in a .NET MVC website. I've created a custom principal class which inherits from IPrincipal and a custom identity which inherits from IIdentity.

When a user logs in, I set both Thread.CurrentPrincipal and HttpContext.Current.User to my custom principal. When I view either through the debugger, the values are set with all the properties.

However, once the request is complete and I try to request any other pages, both Thread.CurrentPrincipal and HttpContext.Current.User are of type System.Security.Principal.GenericPrincipal and not my custom principal.

Do I need to do anything "extra" to get my custom principal out of the thread or HttpContext?

Thanks


Solution

  • The values in Thread.CurrentPrincipal and HttpContext.Current.User are not persisted between requests; they are rebuilt on each request. The best place for you to do this is probably in the Global.asax; write a function with the prototype:

    void Application_PostAuthenticateRequest(object sender, EventArgs e)
    

    That should get called after a user is authenticated on each request, which will allow you to set the principal how you would like.
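
An added example, not part of the original answer: one way to fill in that handler, assuming the site uses Forms Authentication and that the login action stored a comma-separated role list in the ticket's UserData. `CustomIdentity`, `CustomPrincipal` and `MvcApplication` are hypothetical stand-ins for the asker's own classes.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

// Hypothetical custom types standing in for the asker's own classes.
public sealed class CustomIdentity : IIdentity
{
    public CustomIdentity(string name) { Name = name; }
    public string Name { get; private set; }
    public string AuthenticationType { get { return "Forms"; } }
    public bool IsAuthenticated { get { return !string.IsNullOrEmpty(Name); } }
}

public sealed class CustomPrincipal : IPrincipal
{
    private readonly string[] _roles;
    public CustomPrincipal(IIdentity identity, string[] roles) { Identity = identity; _roles = roles; }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role) { return _roles.Contains(role, StringComparer.OrdinalIgnoreCase); }
}

public class MvcApplication : HttpApplication
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        // FormsAuthenticationModule has already decrypted and validated the ticket
        // by this point; an anonymous or rejected request carries no FormsIdentity.
        var formsIdentity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (formsIdentity == null || !formsIdentity.IsAuthenticated) return;

        // Assumption: roles were written to UserData at login, inside the protected ticket.
        var roles = (formsIdentity.Ticket.UserData ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

        var principal = new CustomPrincipal(new CustomIdentity(formsIdentity.Name), roles);
        Context.User = principal;            // read by [Authorize] and Controller.User
        Thread.CurrentPrincipal = principal; // keeps thread-based checks in sync
    }
}
```

Because the principal is rebuilt from the validated ticket on every request, role data should come only from the ticket or a server-side lookup, never from a separate cookie or request field the client can edit.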