Hello all,

I think I misunderstood what  the "Thread.CurrentPrincipal" is,  could somebody help me with it?

Currently, we are using forms authentication by default and for a new client, we are try to integrate it with a third party Authentication schemes (SiteMinder - which checks for HttpHeader variable). After some research, we find the best place to do it is in "Application_PostAuthenticateRequest" of Global.asax.  Naturally, since we are there, we want to use a Custom Principal object that wraps around the default FormsIdentity element and store a "UserInfo" object along with it. This way, the "UserInfo" object can be queried out of the Custom Principal throughout the application without the need to hit the database again. (At least that's what my original intention was)

So here is what I'm confused with.  Upon the first page loads, I hit database, get user information back, set it to a "UserInfo" object, attach it to my custom principal object "MyCustomPrincicpal",set "Thread.CurrentPrincipal = MyCustomPrincipal" and I was able to get "MyCustomPrincipal" object back on a page. No problem. But if I go to another page, the same process happened all over again!! At the beginning of any page load, Thread.CurrentPrincpal is never "MyCustomPrinciapl", so I'm seeing a database hit on every single page.

Is that how Thread.CurrentPrincipal works? How do you persist the logged User information object (which contains 2 other sub List<objects>") without hitting the database more than 1 time using Custom Principal?

I think I got the concept wrong.

Here is a snippet

 void Application_PostAuthenticateRequest(Object sender, EventArgs e)
 {

        if (HttpContext.Current.User != null)
        {
                  if (HttpContext.Current.User.Identity.IsAuthenticated)
                  {

                           if (HttpContext.Current.User is MyCustomPrincicpal)
                           { 

                                          //do nothing
                           }
                           else{

                                  // Assuming it's the first time, then MyCustomPrincipal should be set.

                                   FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                                   String name = id.Name ;

                                   //Query db and get back UserInfo and Roles
                                   UserInfo  userInfo = blah;

                                   MyCustomPrincicpal customPrincipal = new MyCustomPrincicpal(id,roles,userinfo);
                                   Thread.CurrentPrincpal = customPrincipal;

                           }

                }
       }
 }
 

Here are some hints that might help; but, I do not have a detailed answer.

These articles are a little old, but I used them with .NET 2 and it worked great. 

How To: Implement IPrincipal 

http://msdn2.microsoft.com/en-us/library/aa302401.aspx

How To: Create GenericPrincipal Objects with Forms Authentication

http://msdn2.microsoft.com/en-us/library/aa302399.aspx 

How To: Use Forms Authentication with SQL Server

http://msdn2.microsoft.com/en-us/library/aa302398.aspx 

Follow that code and it does work-- it did for me.

(Caveat-- Things may be different in Framework 3.5; I do not know yet.)

HTH.

Thank you.

-- Mark Kamoski