Possible to create a User other than System.Web.User?

I am looking into using the new Roles features in my web applications. I notice that it all depends on the person authenticated in the System.Web.User object. In our environment, our web applications are set to Windows authentication, but the real user is authenticated via pubcookie (see http://www.pubcookie.org/). So I can get the id of the authenticated user from the Request.ServerVariables["HTTP_PUBCOOKIE_USER"]. Thus the real authenticated user's identity will not be in the System.Web.User object.

I am wondering if there is some way to just create a separate standalone User object, and just put the pubcookie user id into that? Then I will have a custom Role Provider that can look up the id in our database. So far I have not seen any way to just instantiate a User object (i.e. some class that implements IPrincipal). Is this possible?

0
Matt_F
11/9/2005 12:45:27 AM
asp.net.security 27051 articles. 1 followers. Follow

4 Replies
1026 Views

Similar Articles

[PageSpeed] 32
Get it on Google Play
Get it on Apple App Store

The following is an example how you can set the User object:

Context.User = new GenericPrincipal(new GenericIdentity(Request.ServerVariables["HTTP_PUBCOOKIE_USER"]));


/Fredrik Normén - fredrikn @ twitter

Microsoft MVP, MCSD, MCAD, MCT

ASPInsiders
My Blog
0
Fredrik
11/9/2005 7:39:08 AM
Thanks, that looks like the solution!

A tangential followup question -- is there a way to find out which classes instantiate a given interface? I am new to .Net, coming from Java, and in the JavaDoc documentation for a standard system interface there is a section "Instantiated By" which would list the standard classes that instantiate it.

I see now that I could have found GenericPrinciple by looking at the list of classes in its namespace, but that is not a general solution to this problem.

0
Matt_F
11/9/2005 5:43:08 PM
 Fredrik N wrote:

The following is an example how you can set the User object:

Context.User = new GenericPrincipal(new GenericIdentity(Request.ServerVariables["HTTP_PUBCOOKIE_USER"]));



This looked like it was working, but now that I have my custom RoleProvider, I am finding that in my GetRolesForUser() method, the username that is getting passed in is my personal logged in Windows id, not the value I have put into the Context.User.

I verified in the debugger that it is definitely hitting the code where I set Context.User before it calls the RoleProvider.GetRolesForUser, so I don't get it. Is some other User being used for checking Roles?
0
Matt_F
11/11/2005 1:11:51 AM
 Matt_F wrote:

This looked like it was working, but now that I have my custom RoleProvider, I am finding that in my GetRolesForUser() method, the username that is getting passed in is my personal logged in Windows id, not the value I have put into the Context.User.

I verified in the debugger that it is definitely hitting the code where I set Context.User before it calls the RoleProvider.GetRolesForUser, so I don't get it. Is some other User being used for checking Roles?


I see what is going on now -- setting the Context.User to a newly created GenericPrincipal per the suggestion above only sets it in the HttpContext for the currently active HttpRequest. It does not have any lasting impact on the session.

Is there a way to truly override the Context.User in a way that will stick? Or does one really truly have to use Windows authentication or Forms authentication in order to make use of the Roles functionality?
0
Matt_F
11/16/2005 1:38:22 AM
Reply:

Similar Artilces:

User object (System.Security.Principal.IPrincipal) in my web service does not reflect currently logged on user.
I am using Forms authentication, 3.5 framework. I am calling a web method from a web form page; here is my problem: For some reason the User object (System.Security.Principal.IPrincipal) in my web service does not reflect currently logged on user. I know I am logged in correctly when I call the web service method (which I call using BeginX...X()). The weird thing is, I have other services whos methods DO reflect the currently logged in user (although these are called using AutoComplete extender, don't know why one works and the other does not).Please help  http://www.geneangelo...

Web User Control to Web User Control...
Hi, I have 2 User controls on a page and want Control1 to call a method of Control2. Is this Possible? Example: Con1 = Datalist showing products, each with a Quantity Box and a Button. Con2 = Repeater showing Cart Preview (name, Price) in page.aspx. When I click on the button on the DataList in Con1 it adds the item into the Session based Cart. However it does not update the Cart Preview. I need to call BindPreview() in Con2 in order to update the Cart Preview... Does that make sense? argh! any help much appreciated! PeteWeb Design Nottingham, UK Well I can call BindPreview() from m...

Is possible assign role to user while creating user using UA
Hi, I have requirement that i wanted to assign the role to the user while creating user in IDM vault using Novell User Application whith Admin rights. Is there anyway to customize or integrate the role service portlets with create portlet.or Is it possible to assign role to user while creating user? if there is any otherway then please suggest me. IDM User Application version is 3.6.1. Thanks in advance, Suresh Patike -- sureshpatike ------------------------------------------------------------------------ On 05/17/2010 01:46 AM, sureshpatike wrote: > >...

RFC s/user Access->M/user web based system
Hi folks, I'm after general ideas and pointers for a project I'm likely to get lumbered with. At the moment we have a membership database written in access on a windows box. One person is responsible for keeping this up to date and then distributing the updated file for others to use - e.g. for mailshots. Now, with growing membership numbers, two people in seperate locations need to update the file, and more people are needing read access to it. Ideally, I would like to put some sort of web front end on it, hosted on one of my existing web servers - running standa...

Creating User Account Without Default Security Role (Registered User Role)
  My DNN version is 3.1.1. The portal is set to Private Registration. Unauthenicated users have access to the basic pages of the site. We require my company's current customers to register and be approved to have access to all other pages that contain information restricted to them (the major part of the site). As you know, authorizing a user account applys the Registered User security role by default and this is how I control access to the customer areas.  We want to create a page that will be used by Marketing to allow potential customers by login to...

create a user role to "create users"
Is it possible to create a user role so that i can assign users to create users. I don't want to give them access to the administrator role, just a role that will allow them to create new users. You could work around that by placing a user account module on a page only accessible by the role in question.The original registration would then be turned off or set to private.I think that's the easienst way of dealing with your problemHope that helpsLeif But if you add a Users Account module to a page, doesn't that just show the currently logged in user their details. Is there something i am...

Problem in accessing web form data in user controls when create user control dynamically
HI. I have a problem using web user control. I designed a user control named NewsForm. This user control contains some web form elements like <asp:textbox>. When I add it in an .ASPX page, all things may be true. I can know which user filles in textbox (for example and other controls) <%@ Register TagPrefix="uc1" TagName="NewsForm" Src="NewsForm.ascx" %> and <UC1:NewsForm id="newsForm" runat="server"></UC1:NewsForm> But when i create it in code behined dynamically, however user control has web form controls but their value are blank for example //aspx co...

System.Web.Security.Membership & anonymous users
To what extent does System.Web.Security.Memberhip provide functionality to implement anonymous users ?  ( including lifespan & ability to convert to permanent user )   Thanks....

Web Admin Tool--Security--Create New Users
I try to make a new user entry and in the admin tool and it gives me the error that the password needs to be at least 7 letters and contain at least one non-alphanumeric #.  I've tried various passwords that conform to this and it still gives me this error.  I don't know what the problem is??  Does anyone else? A simple password that conforms to this would be: pass!word1 Is that not working?-Stefan----------------------------------------------------------This posting is provided "AS IS" with no warranties, and confers no rights. That works, thanks....

User Control controls not created when dynamically creating user control
  Have created a user control for displaying and editing a dynamically number of values. The user control contains two labels and an edit box. When dynamically loading the user control I get an error when the control itself tries to change setting on the fields within the user control.   Why doesnt this work? It works okay if I dont load it dynamically but create a user-control-instance in the aspx-page but thats no solution.   Thankyou!     Here is my code:   ucDataValue.ascx   <%@ Control Language="C#" AutoEventWireup="true&...

Unable to create Users/Duplicat created users in SQL server
Hi all, I have a website, i am developing the site on a differant computer that the site is on, so i had to create each role provider personally. The problem is I created a REMOVE user page for admins only because i really didn't want to use visual studio everytime i needed to add or remove a user. now, i had duplicat users in my SQL database, so i tryed to delete them from the database table personally, bad ideai ended up having to go between PROFILE,USER, and MEMBERSHIP to delete each key. Any ideas how i can get my database back in order? maybe i will re aspnet_regsql.exe  it? a...

System.Web.Security Architecture
Hi!I'm concern about the fact that the security infrastructure of ASP.NET 2 does not support editing user or role names. I understant that this simplifies things very much. However the whole idea of Membership, Role and Profile providers under the System.Web.Security namespace is made useless if such a feature is essential for a specific implementation.While the whole infrastructure of System.Web.Security covers almost every aspect of this vital part of web application, the lack of another primary key for the objects of user and role, like user_ID and role_ID, seems to be...

How can i create new users without utilizing the create user wizard?
Hi, Is it possible for me to create new users without using the wizard? I am using a custom membership as i want to capture more data other than the ones which are available in the wizard. Is it possible for me to use the custom membeship create user method? If yes how can i call it ? What should i be giving the button_click event of my webpage where i capture the data? Thanks in advance Prady  You can call the CreateUser methods directly. They're available throughMembership.CreateUser(.....)If you have extra fields, not available in the CreateUser methods, you can add them to ...

Retrieving the new user ID after details have been created with Create New User Wizard
I've got a 'create new user' wizard set up with several additional wizard pages containing extra information. This information will be stored into the database when the CreatedUser event fires. However, I need to obtain the user ID of the newly created user. How can this be achieved? Assuming the user id is an Identity field that is generated in SQL, I would return the user id as an output parameter in your stored procedure and reference that parameter in your ASP.NET code.   I believe the code to get the identity value of a newly added record is: SELECT @myoutputp...

Web resources about - Possible to create a User other than System.Web.User? - asp.net.security

Is The Virginia GOP Trying To Sabotage Donald Trump’s Shot At A Primary Victory?
While it is widely held that politics makes for “strange bedfellows,” in the present election cycle, politics also seems to breed some rather ...

Weekend Box Office: ‘Star Wars: The Force Awakens’ Dominates, ‘Daddy’s Home’ Does Well
There should be no surprise that in its second weekend, Star Wars: The Force Awakens dominated the weekend box office once again. What may surprise ...

BALCO founder Victor Conte slams Al Jazeera PED report
USA TODAY BALCO founder Victor Conte slams Al Jazeera PED report USA TODAY Victor Conte, who was at the center of one of the biggest sports ...

New Two-Child Policy Officially Passes In China: Human Rights Groups Say It Isn’t Enough
After announcing a new two-child policy in China in October, the change in legislation has now been formally approved and will go into effect ...

AP News Guide: A Look at Fatal Police Shooting in Chicago
AP News Guide: A look at the double fatal police shooting in Chicago

Iraqi Forces Securing Ramadi After Ousting IS Fighters
Voice of America Iraqi Forces Securing Ramadi After Ousting IS Fighters Voice of America December 28, 2015 3:42 AM. Iraqi forces are carefully ...

11 Dead In Texas Storms That Spawned Tornadoes
Huffington Post 11 Dead In Texas Storms That Spawned Tornadoes Huffington Post Days of tumultuous weather have led to 43 deaths overall across ...

UK floods: North of England faces further misery after 'unprecedented' flooding inflicts chaos across ...
Residents and business owners in city centres across northern England face further misery tomorrow after “unprecedented” flooding transformed ...

Japan, South Korea Reach Historic Deal on Wartime 'Comfort Women'
NBCNews.com Japan, South Korea Reach Historic Deal on Wartime 'Comfort Women' NBCNews.com SEOUL, South Korea — The foreign ministers of South ...

Man Arrested on Suspicion of Burning Woman to Death
California man arrested on suspicion of pouring gas on woman, burning her to death

Resources last updated: 12/28/2015 9:39:33 AM