|
.net
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Custom IIdentity w/ FormsAuthenticationI created a custom IIdentity class to store additional properties for a logged in user. The only way I've been able to assign a custom IIdentity when using FormsAuthentication is to swap it in the Begin_AuthenticateRequest event in the global.asax. Is it safe to susbstitute a custom IIdentity in place of the "standard" FormsIdentity? Does anyone know if this will create any security problems? I've swapped my custom IIdentity into a GenericPrincipal and it seems to work ok... -- Stan Kee (spamhoneypot@rogers.com) Here is a decent article.
http://www.leastprivilege.com/ContextUserVsThreadCurrentPrincipal.aspx Are you saying that: // Attach the new principal object to the current HttpContext object Context.User = principal; fails, unless you have it in Begin_AuthenticateRequest ? Spam Catcher wrote: Show quoteHide quote > Hi all, > > I created a custom IIdentity class to store additional properties for a > logged in user. > > The only way I've been able to assign a custom IIdentity when using > FormsAuthentication is to swap it in the Begin_AuthenticateRequest event in > the global.asax. > > Is it safe to susbstitute a custom IIdentity in place of the "standard" > FormsIdentity? > > Does anyone know if this will create any security problems? > > I've swapped my custom IIdentity into a GenericPrincipal and it seems to > work ok... > > -- > Stan Kee (spamhoneypot@rogers.com) sl***@ipass.net wrote in news:1136592775.521688.25760
@g44g2000cwa.googlegroups.com: > Are you saying that: I've attached a custom principal AND custom identity within the > // Attach the new principal object to the current HttpContext object > Context.User = principal; > > > fails, unless you have it in > Begin_AuthenticateRequest ? > Application_AuthenticateRequest event handler ... and it seems to be working OK??? So what I'm worried out: I am no longer using the FormsIdentity Object - yet forms authentication works OK. Have I created any security holes? -- Stan Kee (spamhoneypot@rogers.com)  
Other interesting topics
WebResource.axd request causing errors
2.0 Custom Membership Provider! Calendar Control New to ASP.NET 2.0 ASP.NET process identity does not have read permissions to the global assembly cache Help with inline code? Video in ASPX Query Data via SMS What is ASPNETDB.MDF used for? ASPNET permission to to access SQL Server Express on localhost |
|||||||||||||||||||||||
