Re: IsAuthenticated property on IIdentity interface

From: Nicole Calinoiu (calinoiu)
Date: 04/21/05 

Date: Thu, 21 Apr 2005 07:08:26 -0400

"Oriane" <Oriane@Guermantes.com> wrote in message
news:uO3aO6kRFHA.356@TK2MSFTNGP14.phx.gbl...
> Hi Nicole,
>
> I use the "default" identity type from the Enterprise Library, using a
> login/password authentication scheme. It is using GenericIdentity. In that
> precise case, the constructor :
> new GenericIdentity(namePasswordCredentials.Name, GetAuthenticationType())
>
> I have the feeling that this constructor returns the object with a
> "IsAuthenticated" property "set" to "true".

Yes. As soon as you specify a non-empty name,
GenericIdentity.IsAuthenticated will return true. You could still use
GenericIdentity as your IIdentity implementation. However, if you do, you
shouldn't assign it unless the user is actually authenticated.

> In my application, I want to authenticate users by comparing a
> login/password with database values. It's a .NET Windows Form app (not an
> ASP.NET one). Should I use the FormsIdentity class or is this class only
> to
> be used for ASP.NET application ?

FormsIdentity is almost certainly a worse choice than GenericIdentity for
your scenario. There are at least a couple of reasons for this:

1. FormsIdentity.IsAuthenticated always returns true, so it's actually
even less flexible than GenericIdentity wrt your desired behaviour.
2. Use of FormsIdentity requires AspNetHostingPermission, which is a wee
bit of a pain to grant to partially trusted non-ASP.NET code.

If you really want a variation of the theme of GenericIdentity that simply
adds construction-time specification of authentication status, why not just
create your own implementation that derives from GenericIdentity? That
said, I am a wee bit skeptical of what use one might have constructing an
identity object based on the self-declared name of a user before the user is
actually authenticated, but ymmv...

>
> Thanks
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:%23EYCWRcRFHA.1396@TK2MSFTNGP10.phx.gbl...
>> Each type that implements the interface may implement the logic behind
>> the
>> property in a different way. For example,
>> System.Security.Principal.GenericIdentity will return true for the
> property
>> iff the identity name is not an empty string. What identity type are you
>> using?
>>
>>
>> "Oriane" <Oriane@Guermantes.com> wrote in message
>> news:eNzZtIcRFHA.2348@tk2msftngp13.phx.gbl...
>> > Hi everybody,
>> >
>> > this property is read-only in the interface IIdentity. I suppose it is
> set
>> > at the creation of the instance, but I cannot find the right
>> > constructor
> ?
>> >
>> > Oriane
>> >
>> >
>>
>>
>
>

Relevant Pages

  • Custom IIdentity class - how to set it?
    ... I have created my own IIdentity class (actually inherited from ... GenericIdentity) to contain lots of extra useful information to be passed ... around with the user's basic information. ... to be controlling all of the authentication using custom forms ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Custom IIdentity class - how to set it?
    ... good idea to avoid a database hit on each load. ... > "John Saunders" wrote in message ... >>> GenericIdentity) to contain lots of extra useful information to be ... >>> to be controlling all of the authentication using custom forms ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Role based security objects
    ... GenericIdentity class represents the identity of a user based on a custom ... authentication method, which an app defines. ... the GenericIdentity class cna only store an authenticated user's name. ...
    (microsoft.public.dotnet.security)
  • Re: IsAuthenticated property on IIdentity interface
    ... > adds construction-time specification of authentication status, ... > create your own implementation that derives from GenericIdentity? ... we use the custom authentication which consists of ...
    (microsoft.public.dotnet.security)