+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / IPrincipal and IIdentity

IPrincipal and IIdentity

8 posts, 0 answered
  1. Stephen Long
    Stephen Long avatar
    20 posts
    Registered:
    29 Sep 2009
    21 Mar 2010
    Link to this post
    Hello,

    I've been working with Sitefinity for the past few months with a Custom Role/Membership provider.  Recently I added Custom IPrincipal and IIdentity classes.

    In my global.asax, I attach this principal/identity to the context like so:

    void Application_OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;
        if (context != null)
        {
            if (context.User != null)
            {
                if (context.User.Identity.IsAuthenticated)
                {
                    if (context.User.Identity is FormsIdentity)
                    {
                        // Get Forms Identity From Current User
                        FormsIdentity id = (FormsIdentity)context.User.Identity;
                        // Get Forms Ticket From Identity object and create a new CustomIdentity                   
                        CustomIdentity identity = CustomIdentity(id.Name, id.Ticket, id.IsAuthenticated);
                        //  Create a new CustomPrincipal Instance and assign to Current User
                        CustomPrincipal principal = new CustomPrincipal(identity);
                        // Add the principal to the context and thread
                        context.User = principal;
                        System.Threading.Thread.CurrentPrincipal = principal;
                    }
                }
            }
        }
    }

    This works with every (about 5-6) ASP.NET web application that I have, except Sitefinity.  If I add this method to the global.asax, then it seems like Sitefinity stops loading Roles for the current user.  That is to say, a user that has the "Unrestricted" role now no longer has acces to the admin pages, etc.  The only thing I can think is that possibly Sitefinity is attaching its own IIdentity/Principal and then trying to cast the User/Identity off the context and failing.

    So, I guess my main question is this.  Does Sitefinity work with custom IPrincipal/IIdentity classes?  If it doesn't directly, is there a work around?

    Thanks,
    Stephen Long
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    24 Mar 2010
    Link to this post
    Hi Stephen Long,

    The backend relies on RolePrincipal to manage security information for the current request. You could use the CustomPrincipal for the public side of your website. In Sitefinity 4.0  you will be able to use custom IPrincipal for the backend and frontend, but this is not possible in 3.x. versions.

    Regards,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. Stephen Long
    Stephen Long avatar
    20 posts
    Registered:
    29 Sep 2009
    05 Apr 2010
    Link to this post
    Thanks for the reply, Ivan.  I'm relieved to know that the issue I was having is due to Sitefinity 3.x.  I'm really looking forward to the 4.0 release.

    -Stephen
  4. Rahul Patel
    Rahul Patel avatar
    3 posts
    Registered:
    09 Dec 2005
    19 Apr 2010
    Link to this post
    Ivan Dimitrov,

    So what is the suggested work around for SiteFinity 3.x?  How would you modify Application_OnPostAuthenticateRequest so that it only runs on the front-end?

    Thanks...
  5. Paul Dench
    Paul Dench avatar
    19 posts
    Registered:
    26 Oct 2009
    19 Apr 2010
    Link to this post
    Do you have a release date for version 4? I am having the same issue with my site.

    Thanks
    Paul Dench
  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    20 Apr 2010
    Link to this post
    Hi Paul Dench,

    You could take a look at this forum post to gather information about the release data of Sitefinity 4.0

    Rahul Patel: you need to use custom IHttpModule.You could construct a custom IPrincipal object that wraps the Identity object, and then store it in the HttpContext

    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  7. Rahul Patel
    Rahul Patel avatar
    3 posts
    Registered:
    09 Dec 2005
    20 Apr 2010
    Link to this post
    When you say "then store it in the HttpContext" do you mean set the User property like this?

    HttpContext.Current.User = principal;
    Thread.CurrentPrincipal = principal;

    Or do you mean add it to the Items collection?

    Also, i'm currently using two membership/role providers for Public (custom provider) vs CMS (default Telerik provider) with Forms authentication.  On the Public side would it be a problem if we set custom data in Forms authentication ticket? I believe in the CMS side uses the custom data to store the role provider.

    Please advise.  Thanks...
  8. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    23 Apr 2010
    Link to this post
    Hi Rahul Patel,

    You are right, this is how we set them:

    HttpContext.Current.User = principal;
    Thread.CurrentPrincipal = principal;

    Also, at this point, we are not seeing any problems with setting custom data in the ticket. It should work just fine, like in a regular Asp.Net application.

    Let us know if you face any problems. 

    All the best,
    Georgi
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Register for webinar
8 posts, 0 answered