Re: Losing custom identity
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 07/30/05
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Jul 2005 17:27:08 -0700
Hello martymcdonald@comcast.net,
normally - the place to attach roles to a Principal and replace Context.User
is in the Authenticate_Request event (in Global.asax or a HttpModule).
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> For authentication we are using an external DB. I can use Forms
> authentication and use the loginUrl="MyLoginForm.aspx" just fine. But
> for authorization, we cannot use a static list of roles for people,
> their authorization depends on factors which change as they use the
> system.
>
> We must determine roles on every page hit, using information in our
> custom identity, which is changed as user uses system. I examine
> custom identity, determine roles, create principal accordingly, then
> attach it to HttpContext.Current.User. But after redirecting to
> another page, the HttpContext.Current.User identity reverts back to a
> "Windows" identity and also the principal's information is gone too
> (reverts to generic principal without my role info).
>
> How does one modify the HttpContext.Current.User and have it persist
> between redirects? Thanks!
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
