Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 4.5 > ASP.NET 4.5 General Discussion
|
ASP.NET 4.5 General Discussion For ASP.NET 4.5 discussions not relating to a specific Wrox book
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 4.5 General Discussion section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old May 6th, 2016, 10:31 AM
Registered User
 
Join Date: Sep 2015
Posts: 7
Thanks: 3
Thanked 1 Time in 1 Post
Default How can user's custom Principal object be rembered ?

Hello,

I am implementing a custom HTTPModule to provide authentication/authorization by reading credentials off a smartcard's certificate. The HTTPModule creates a custom implementation of the IPrincipal interface and assigns it to the Context's User object.

The custom principal object looks like this:

Code:
public class SmartCardPrincipal : IPrincipal
    {
        private SmartCardIdentity _identity;
        private Hashtable _roles;
        private bool _rolesLoaded;
       
        public IIdentity Identity
        {
            get
            {
                return this._identity;
            }
        }

        public bool IsInRole(string role)
        {
            if (!_rolesLoaded)
            {

                _roles = new Hashtable();

                //Query SQL Server Database for User's Roles, based on user's email address contained in SmartCardIdentity (read off user's SmartCard)
           
               [ Database Code ]

               _rolesLoaded = true;
                
            }
            return _roles.Contains(role);
        }

        public SmartCardPrincipal(SmartCardIdentity identity)
        {
            this._identity = identity;
            this._rolesLoaded = false;  
        }
    }

SmartCardIdentity is a custom implementation of IIdentity interface and contains the email address and name read off the user's SmartCard.

The problem I am having is the Context's User object is set to null on every postback. So the hashtable of roles is destroyed along with the whole principal object. So the database is being queried for the user's roles every time something is selected in a listbox or a button is pressed. This seems way too inefficient.

Is there any way for the asp.net website to remember the user's custom principal object between postbacks ? Can it be stored in a session variable ? I am thinking for forms authentication, the membership database is queried only once for a user and then the info is stored in a cookie. But I don't want to create a custom cookie.

thanks.

-- Edit: I did some testing it seems the session object is null in the HTTPModule, so doesn't look like session variable can be used. Any other way ?

Last edited by dars; May 6th, 2016 at 10:54 AM.. Reason: Did some code testing
 
Old May 17th, 2016, 11:33 AM
Registered User
 
Join Date: Sep 2015
Posts: 7
Thanks: 3
Thanked 1 Time in 1 Post
Default Solution

Answered my own question ! (well not really, I found via google)

It turns out that session object is available to HttpModule, just have to wait for the right event to fire. In my case, I was able to get session object from PostAcquireRequestState event, and then store/retrieve my custom Principal object in that event. Something like this...

Code:
  public class SmartCardAuthenticationModule : IHttpModule
    {
        public SmartCardPrincipal  SmartCard { get; set; }

        public void Init(HttpApplication context)
        {
            context.PostAcquireRequestState += new EventHandler(Application_PostAcquireRequestState);

          }

        void Application_PostAcquireRequestState(object source, EventArgs e)
        {
            HttpApplication app = (HttpApplication)source;

            SmartCard = (SmartCardPrincipal)app.Session["UserPrincipal"];
            if (SmartCard == null)
                this.OnAuthenticateRequest(source); //get credentials and make database calls to get roles...
  
            app.Context.User = SmartCard;
            app.Session["UserPrincipal"] = SmartCard;

        }
There's more error trapping to add, like testing for null Session object, but above is general idea..





Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I show my custom widget on the user's dashboard? socalcane BOOK: Professional WordPress 0 January 25th, 2013 11:35 AM
Wrong Principal Object Bob Bedell C# 2005 4 December 29th, 2007 09:52 AM
Session Parameter with Custom Object tna55 ASP.NET 2.0 Basics 8 February 6th, 2007 09:57 AM
Working with Principal and Identity hasanali00 BOOK: ASP.NET Website Programming Problem-Design-Solution 1 March 31st, 2005 05:09 AM
email confirmation and site principal identity seanmayhew BOOK: ASP.NET Website Programming Problem-Design-Solution 1 March 30th, 2005 09:10 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.