Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 4.5 > ASP.NET 4.5 General Discussion
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 4.5 General Discussion For ASP.NET 4.5 discussions not relating to a specific Wrox book
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 4.5 General Discussion section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old May 6th, 2016, 11:31 AM
Registered User
Points: 45, Level: 1
Points: 45, Level: 1 Points: 45, Level: 1 Points: 45, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Sep 2015
Posts: 7
Thanks: 3
Thanked 1 Time in 1 Post
Default How can user's custom Principal object be rembered ?

Hello,

I am implementing a custom HTTPModule to provide authentication/authorization by reading credentials off a smartcard's certificate. The HTTPModule creates a custom implementation of the IPrincipal interface and assigns it to the Context's User object.

The custom principal object looks like this:

Code:
public class SmartCardPrincipal : IPrincipal
    {
        private SmartCardIdentity _identity;
        private Hashtable _roles;
        private bool _rolesLoaded;
       
        public IIdentity Identity
        {
            get
            {
                return this._identity;
            }
        }

        public bool IsInRole(string role)
        {
            if (!_rolesLoaded)
            {

                _roles = new Hashtable();

                //Query SQL Server Database for User's Roles, based on user's email address contained in SmartCardIdentity (read off user's SmartCard)
           
               [ Database Code ]

               _rolesLoaded = true;
                
            }
            return _roles.Contains(role);
        }

        public SmartCardPrincipal(SmartCardIdentity identity)
        {
            this._identity = identity;
            this._rolesLoaded = false;  
        }
    }

SmartCardIdentity is a custom implementation of IIdentity interface and contains the email address and name read off the user's SmartCard.

The problem I am having is the Context's User object is set to null on every postback. So the hashtable of roles is destroyed along with the whole principal object. So the database is being queried for the user's roles every time something is selected in a listbox or a button is pressed. This seems way too inefficient.

Is there any way for the asp.net website to remember the user's custom principal object between postbacks ? Can it be stored in a session variable ? I am thinking for forms authentication, the membership database is queried only once for a user and then the info is stored in a cookie. But I don't want to create a custom cookie.

thanks.

-- Edit: I did some testing it seems the session object is null in the HTTPModule, so doesn't look like session variable can be used. Any other way ?

Last edited by dars; May 6th, 2016 at 11:54 AM. Reason: Did some code testing
Reply With Quote
  #2 (permalink)  
Old May 17th, 2016, 12:33 PM
Registered User
Points: 45, Level: 1
Points: 45, Level: 1 Points: 45, Level: 1 Points: 45, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Sep 2015
Posts: 7
Thanks: 3
Thanked 1 Time in 1 Post
Default Solution

Answered my own question ! (well not really, I found via google)

It turns out that session object is available to HttpModule, just have to wait for the right event to fire. In my case, I was able to get session object from PostAcquireRequestState event, and then store/retrieve my custom Principal object in that event. Something like this...

Code:
  public class SmartCardAuthenticationModule : IHttpModule
    {
        public SmartCardPrincipal  SmartCard { get; set; }

        public void Init(HttpApplication context)
        {
            context.PostAcquireRequestState += new EventHandler(Application_PostAcquireRequestState);

          }

        void Application_PostAcquireRequestState(object source, EventArgs e)
        {
            HttpApplication app = (HttpApplication)source;

            SmartCard = (SmartCardPrincipal)app.Session["UserPrincipal"];
            if (SmartCard == null)
                this.OnAuthenticateRequest(source); //get credentials and make database calls to get roles...
  
            app.Context.User = SmartCard;
            app.Session["UserPrincipal"] = SmartCard;

        }
There's more error trapping to add, like testing for null Session object, but above is general idea..
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I show my custom widget on the user's dashboard? socalcane BOOK: Professional WordPress 0 January 25th, 2013 11:35 AM
Wrong Principal Object Bob Bedell C# 2005 4 December 29th, 2007 09:52 AM
Session Parameter with Custom Object tna55 ASP.NET 2.0 Basics 8 February 6th, 2007 09:57 AM
Working with Principal and Identity hasanali00 BOOK: ASP.NET Website Programming Problem-Design-Solution 1 March 31st, 2005 05:09 AM
email confirmation and site principal identity seanmayhew BOOK: ASP.NET Website Programming Problem-Design-Solution 1 March 30th, 2005 09:10 AM



All times are GMT -4. The time now is 03:42 AM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.