Geek Answers Handbook

Where does Web.HttpContext.Current.User.Identity.Name come from?

I have

FormsAuthentication.SetAuthCookie("someName", True)

as part of my user login sequence. Later, I have a page that allows only a specific role:

<location path="myPage.aspx">
    <system.web>
        <authorization>
            <allow roles="SomeRole"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

As far as I can tell, this causes a call to my provider role GetRolesForUser. It seems to get the username parameter from Web.HttpContext.Current.User.Identity.Name.

My question is .... when is the username from the auth cookie set as the name in my current user id?

+5
source share
2 answers

- IPrinciple, HTTPModules ASP.NET, , , System.Web.Security.FormsAuthenticationModule OnAuthenticate.

, , , , global.asax HTTPModule, Application_AuthenticateRequest. :

Public Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
    Dim cookieName As String = FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = HttpContext.Current.Request.Cookies(FormsAuthentication.FormsCookieName)

    If Not IsNothing(authCookie) Then
        Dim authTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
        If IsNothing(authTicket) OrElse authTicket.Expired Then
            HttpContext.Current.Response.Redirect(FormsAuthentication.LoginUrl)
        Else
            Dim id As New FormsIdentity(authTicket)

            Dim newUser As New YourCustomUserType(id.Name)
            HttpContext.Current.User = newUser
        End If
    End If
End Sub
+3

, OnAuthenticate System.Web.Security.FormsAuthenticationModule.

 e.Context.SetPrincipalNoDemand(
      new GenericPrincipal(new FormsIdentity(ticket),
      new string[0]));
+2

More articles:


All Articles