开发者

Where to create custom IPrincipal object?

开发者 https://www.devze.com 2023-03-01 13:17 出处:网络
I am using Application_PostAuthenticateRequest event in global.asax to create custom IPrincipal object

I am using Application_PostAuthenticateRequest event in global.asax to create custom IPrincipal object

void Application_PostAuthenticateRequest(object sender, EventArgs args)
{
    if (Context.User.Identity.IsAuthenticated == true)
        if (Context.User.Identity.AuthenticationType == "Forms")
        {                 
              Context.User = new CustomPrincipal(Context.User);
              Thread.CurrentPrincipal = Context.User;
        }                开发者_Go百科
}

to use in my application where I want get some more information about logged user. I thought it would be called one time when user authenticates but I noticed that it is called on every page request couple times for the same logged user. I found that even requesting image from AppThemes calls this method!

Where should I create that object instead to avoid calling this method multiple times for each user?


I found an answer to my question.

In loggin_in event I should save authentication cookie (I can store all information that I later need in my customPrincipal in UserData property) and in Application_PostAuthenticateRequest I should create CustomPrincipal from that cookie. That way this event fires every request but I don't hit database - I read data from cookie.

I followed http://www.ondotnet.com/pub/a/dotnet/2004/02/02/effectiveformsauth.html

In my case code is:

void Application_PostAuthenticateRequest(object sender, EventArgs args)
    {
        HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null)
            return;
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        string[] customData = authTicket.UserData.Split(new Char[] { '|' });

        if (Context.User.Identity.IsAuthenticated == true)
        {
            if (Context.User.Identity.AuthenticationType == "Forms")
            {
                Context.User = new CustomPrincipal(customData, Context.User);
                Thread.CurrentPrincipal = Context.User;
            }
        }
}


Context.User does not save the new principal across requests; you have to create the custom principal on every request. So it may be best to leave this code here. Otherwise, it will revert to FormsPrincipal or WindowsPrincipal, depending on application authentication mode.

HTH,

Brian

0

精彩评论

暂无评论...
验证码 换一张
取 消