| Groups | Blog | Home |
dotnet web services enhancements : Thread.CurrentPrincipal is emtpy!
I set the token.Principal and Thread.CurrentPrincipal to CustomPrincipal in my CustomUsernameTokenManager.AuthenticateToken method. When i try accessing the same in my WebMethod, i'm able to access the CustomPrincipal only through the token.Principal variable. When i try with Thread.CurrentPrincipal, it does not have the CustomPrincipal object in it because of which username and the roles list is empty. One might argue why i need to try this. The Business components i have written takes the logged in users name and role list from the Thread.CurrentPrincipal so what ever type of application is using the Business component just need to set the Thread.CurrentPrincipal. I would not want set toekn.Principal instead Thread.CurrentPrincipal. Does anyone know why Thread.CurrentPrincipal is not giving my CustomPrincipal that i set in AuthenticateToken method? Thanks in Advance! -- Regards,
Hello Scribnar,
Could you post your code please? HTH Regards, Dilip Krishnan MCAD, MCSD.net dkrishnan at geniant dot com http://www.geniant.com [quoted text, click to view] > Hi, > > I set the token.Principal and Thread.CurrentPrincipal to > CustomPrincipal in my CustomUsernameTokenManager.AuthenticateToken > method. When i try accessing the same in my WebMethod, i'm able to > access the CustomPrincipal only through the token.Principal variable. > When i try with Thread.CurrentPrincipal, it does not have the > CustomPrincipal object in it because of which username and the roles > list is empty. > > One might argue why i need to try this. The Business components i have > written takes the logged in users name and role list from the > Thread.CurrentPrincipal so what ever type of application is using the > Business component just need to set the Thread.CurrentPrincipal. I > would not want set toekn.Principal instead Thread.CurrentPrincipal. > Does anyone know why Thread.CurrentPrincipal is not giving my > CustomPrincipal that i set in AuthenticateToken method? > > Thanks in Advance! >
Hi Dilip,
Thanks for your replies. Please find the code below. protected override string AuthenticateToken( UsernameToken token ) { if(!obj.ValidateUser(token.Username, token.Password)) { //return any invalid password which will throw authendication failed message. return DateTime.Now.ToLongDateString(); } else { IIdentity id = new GenericIdentity(token.Username); //This line creates a principal for the given identity with the list of roles and returns the principal after setting Thread.CurrentPrincipal to the principal object created token.Principal = CustomSecurity.AttachPrincipal(id); Thread.CurrentPrincipal = token.Principal; return token.Password; } } I have created a class CustomPrincipal extending IPrincipal interface. That is being returned from CustomSecurity.AttachPrincipal method. Following is the simple version of my web method. [WebMethod] public string RetriveAllAppliedBuilds() { string userName = System.Threading.Thread.CurrentPrincipal.Identity.Name; return userName ; } Thanks. Regards, -Suresh. [quoted text, click to view] "Dilip Krishnan" wrote:
> Hello Scribnar, > Could you post your code please? > > HTH > Regards, > Dilip Krishnan > MCAD, MCSD.net > dkrishnan at geniant dot com > http://www.geniant.com > > > Hi, > > > > I set the token.Principal and Thread.CurrentPrincipal to > > CustomPrincipal in my CustomUsernameTokenManager.AuthenticateToken > > method. When i try accessing the same in my WebMethod, i'm able to > > access the CustomPrincipal only through the token.Principal variable. > > When i try with Thread.CurrentPrincipal, it does not have the > > CustomPrincipal object in it because of which username and the roles > > list is empty. > > > > One might argue why i need to try this. The Business components i have > > written takes the logged in users name and role list from the > > Thread.CurrentPrincipal so what ever type of application is using the > > Business component just need to set the Thread.CurrentPrincipal. I > > would not want set toekn.Principal instead Thread.CurrentPrincipal. > > Does anyone know why Thread.CurrentPrincipal is not giving my > > CustomPrincipal that i set in AuthenticateToken method? > > > > Thanks in Advance! > > > >
Hi William,
Does that mean thread pooling happens in ASP.NET as well? Thanks. -Suresh. [quoted text, click to view] "William Stacey [MVP]" wrote:
> I blogged a sample doing this and it worked for me. > http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!166.entry > > The one thing to watch for is clear Thread.CurrentPrincipal before the > WebMethod returns as it is a ThreadPool thread - as it may/will get reused. > So you don't want another thread using your last principal object for code > access security. > > -- > William Stacey, MVP > http://mvp.support.microsoft.com > > "Scribnar" <notoblogging.suresh.kr@lgcnsglobal.com> wrote in message > news:3020460F-E1DD-47D5-8D8C-420C02FE5562@microsoft.com... > > Hi, > > > > I set the token.Principal and Thread.CurrentPrincipal to CustomPrincipal > in > > my CustomUsernameTokenManager.AuthenticateToken method. When i try > accessing > > the same in my WebMethod, i'm able to access the CustomPrincipal only > through > > the token.Principal variable. When i try with Thread.CurrentPrincipal, it > > does not have the CustomPrincipal object in it because of which username > and > > the roles list is empty. > > > > One might argue why i need to try this. The Business components i have > > written takes the logged in users name and role list from the > > Thread.CurrentPrincipal so what ever type of application is using the > > Business component just need to set the Thread.CurrentPrincipal. I would > not > > want set toekn.Principal instead Thread.CurrentPrincipal. Does anyone know > > why Thread.CurrentPrincipal is not giving my CustomPrincipal that i set in > > AuthenticateToken method? > > > > Thanks in Advance! > > -- > > Regards, > > -Suresh. >
William,
Sorry that would stupid question as its obvious in the <processModel> element in machine.config. -Suresh. [quoted text, click to view] "Scribnar" wrote:
> Hi William, > > Does that mean thread pooling happens in ASP.NET as well? > > Thanks. > -Suresh. > > "William Stacey [MVP]" wrote: > > > I blogged a sample doing this and it worked for me. > > http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!166.entry > > > > The one thing to watch for is clear Thread.CurrentPrincipal before the > > WebMethod returns as it is a ThreadPool thread - as it may/will get reused. > > So you don't want another thread using your last principal object for code > > access security. > > > > -- > > William Stacey, MVP > > http://mvp.support.microsoft.com > > > > "Scribnar" <notoblogging.suresh.kr@lgcnsglobal.com> wrote in message > > news:3020460F-E1DD-47D5-8D8C-420C02FE5562@microsoft.com... > > > Hi, > > > > > > I set the token.Principal and Thread.CurrentPrincipal to CustomPrincipal > > in > > > my CustomUsernameTokenManager.AuthenticateToken method. When i try > > accessing > > > the same in my WebMethod, i'm able to access the CustomPrincipal only > > through > > > the token.Principal variable. When i try with Thread.CurrentPrincipal, it > > > does not have the CustomPrincipal object in it because of which username > > and > > > the roles list is empty. > > > > > > One might argue why i need to try this. The Business components i have > > > written takes the logged in users name and role list from the > > > Thread.CurrentPrincipal so what ever type of application is using the > > > Business component just need to set the Thread.CurrentPrincipal. I would > > not > > > want set toekn.Principal instead Thread.CurrentPrincipal. Does anyone know > > > why Thread.CurrentPrincipal is not giving my CustomPrincipal that i set in > > > AuthenticateToken method? > > > > > > Thanks in Advance! > > > -- > > > Regards, > > > -Suresh. > >
I blogged a sample doing this and it worked for me.
http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!166.entry The one thing to watch for is clear Thread.CurrentPrincipal before the WebMethod returns as it is a ThreadPool thread - as it may/will get reused. So you don't want another thread using your last principal object for code access security. -- William Stacey, MVP http://mvp.support.microsoft.com [quoted text, click to view] "Scribnar" <notoblogging.suresh.kr@lgcnsglobal.com> wrote in message
news:3020460F-E1DD-47D5-8D8C-420C02FE5562@microsoft.com... > Hi, > > I set the token.Principal and Thread.CurrentPrincipal to CustomPrincipal in > my CustomUsernameTokenManager.AuthenticateToken method. When i try accessing > the same in my WebMethod, i'm able to access the CustomPrincipal only through > the token.Principal variable. When i try with Thread.CurrentPrincipal, it > does not have the CustomPrincipal object in it because of which username and > the roles list is empty. > > One might argue why i need to try this. The Business components i have > written takes the logged in users name and role list from the > Thread.CurrentPrincipal so what ever type of application is using the > Business component just need to set the Thread.CurrentPrincipal. I would not > want set toekn.Principal instead Thread.CurrentPrincipal. Does anyone know > why Thread.CurrentPrincipal is not giving my CustomPrincipal that i set in > AuthenticateToken method? > > Thanks in Advance! > -- > Regards, > -Suresh.
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |