Injecting Current USer using Structuremap Custom Instance

Here is what I am trying to do: I have implemented Form Authentication in ASP.NET MVC. I have IUser Interface which conforms to IPrincipal (System.Security.Principal). The custom IUser have additional properties and can be considered as a DTO. I need t开发者_高级运维o use this user in different layers.

Currently my base controller checks whether the form is Authenticated and reconstructs the IUser as in Code1. I am passing this current User to Service Layer, which passes them to domain layer and then it gets to Events and Event Handlers( domain events).

All layers are Interface based and StructureMap is used as IoC. My IoC is a separate class Library.

I am looking for a way to avaoiding pass user information to each and every method. I found that I could inject Custom Instance of a class as described in link http://structuremap.net/structuremap/InstanceExpression.htm#section11

I plan to create a Method

public void SetCurrentUser(IUser user)
{
    // Something Similart to below ( Below code may be wrong)

    //For<IUser>().TheDefault.IsThis(user);

}

and

have IUser in all class constructors which needs to know about current user

Questions

1) is this a right way to pass User Information to all layers and do you think it will work.

2) Is this safe, Can a user in one session be hijacked from another session?

Thank you,

Mar

Code(1)

string[] roles = userData.Split(',');
// Create a new Generic Principal Instance and assign to Current User
IUser _currentUser= new User
{
    IsApplicationUser = Convert.ToBoolean(roles[0].ToString()),
    Role = (UserRole)Enum.Parse(typeof(UserRole), roles[1].ToString()),
    Id = new Guid(ticket.Name),
    Email = roles[3].ToString(),
    Name = roles[2].ToString(),
    CompanyName = roles[4].ToString(),
    DealerId = roles[5].ToString(),
    LocationId  = roles[6].ToString()
};

---

For<IUser>().HybridHttpOrThreadLocalScoped().Use( container => {
    buildUserInstanceFromThreadCurrentPrincipal();
});