iprincipal

I have a Delete method on all my business objects that has the PrincipalPermission attribute on it. Example: [PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")] public static bool Delete(Vendor myVendor) { //do work here } The problem is that it appears to be completely ignoring my PrincipalPermission. It lets anyone through, no matter what role they may be part of. Is there something else I've forgotten to do? I have added the following to my Application's global.asax in the Application Startup section: AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal

I would like to extend IPrincipal in asp.net to allow me to get the usertype that I will define. I would like to make it possible to do this in a controller string type = User.UserType then in my extension method i will have a method like public string UserType() { // do some database access return userType } how can I do this? is it possible? Thanks! SLaks You can make an extension method: public static string UserType(this IPrincipal principal) { // do some database access return something; } Johannes Setiabudi Sure. Make your class implements IPrincipal: public class MyPrinciple :

I've written a custom principal object which contains a few additional fields (email and userid in addition to the username). In order to access these properties I have to cast the Context.User object as my custom principal. @Html.GetGravitarImage((User as CustomPrincipal).Email) This custom principal is created / deserialized via the Application_AuthenticateRequest in my global.ascx. You can see this question I asked here for more information. private void Application_AuthenticateRequest(Object source, EventArgs e) { var application = (HttpApplication)source; var context = application.Context

I am using custom Membership and Role providers inside the ASP.NET framework with Forms Authentication. These are working great. The Role provider is using a cookie to persist the roles, saving a trip to the database on each web request. I am also using the UserData string inside the FormsAuthenticationTicket to store the UserId. I need to refactor my DAL out of the web project to its own project. The DAL has a dependency on retrieving the Current user’s ID as well as checking the roles for rights. How should my Authentication system change so I can use the Thread.CurrentPrincipal without

I just wanna ask what would be better approach to supply these objects in my unit tests. In my unit test I am testing CSLA object. CSLA object is internally using one property and one method of ApplicationUser object. ApplicationUser is inherited from IPrincipal. The properties are: 1) ApplicationContext.User.IsInRole(...) - the method is part of IPrincipal 2) ApplicationContext.User.Identity.Name - the name is property of IIdentity which is part of ApplicationUser aka IPricipal Example of my test (using RhinoMock): public void BeforeTest() { mocks = new MockRepository(); IPrincipal

I have a WCF service which has its Thread.CurrentPrincipal set in the ServiceConfiguration.ClaimsAuthorizationManager . When I implement the service asynchronously like this: public IAsyncResult BeginMethod1(AsyncCallback callback, object state) { // Audit log call (uses Thread.CurrentPrincipal) var task = Task<int>.Factory.StartNew(this.WorkerFunction, state); return task.ContinueWith(res => callback(task)); } public string EndMethod1(IAsyncResult ar) { // Audit log result (uses Thread.CurrentPrincipal) return ar.AsyncState as string; } private int WorkerFunction(object state) { // perform

I'm working on an application using ASP.NET MVC 1.0 and I'm trying to inject a custom IPrincipal object in to the HttpContext.Current.User object. With a traditional WebForms application I've used the Application_AuthenticateRequest event to do this as follows. protected void Application_AuthenticateRequest(object sender, EventArgs e) { if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity is FormsIdentity) { // Get Forms Identity From Current User FormsIdentity id = (FormsIdentity)HttpContext.Current.User