How is User Identity | Principal set during the application lifecycle

Question

In ASP.NET (MVC and WebAPI), how is the User Identity object initialized with the data from the FormsAuthentication cookie?

What I want to do is to use 2 types of authentication, cookie based and a custom header based one. Since the AuthorizeAttribute class only checks the User.Identity.IsAuthorized() method and uses no code specific to FormsAuthentication, then that means all I have to do is to manually setup the User.Identity object, whether in the global.asax or in a DelegatingHandler.

So, how do I setup User.Identity? How does the framework automatically set it up using FormsAuthentication?

score 1 · Accepted Answer · edited May 23 '17 at 12:33

1

Here is a related answer.

Identity can be set in a handler, in a module, or in Global.asax. You can modify it at any point in the request lifecycle, but usually the best place to do it is in PostAuthenticateRequest. At this point, FormsAuthentication has done it's work and you can augment or replace the HttpContext.Current.User.

edited May 23 '17 at 12:33

Community

1
1

answered Apr 27 '12 at 15:13

Joe Enzminger

11,110
3
50
75

1

So based on what Aliostad said, once I set up the identity, if they add `User.Controller`, the identity will carry across to that? – Shawn Mclean Apr 27 '12 at 16:13

score 0 · Answer 2 · answered Apr 27 '12 at 15:25

0

ASP.NET MVC Controller has a Controller.User but Web API does not have one. It is currenty being requested to be put in.

answered Apr 27 '12 at 15:25

Aliostad

80,612
21
160
208

1

I can do: `HttpContext.Current.User` – Shawn Mclean Apr 27 '12 at 15:48
@Lolcoder That is not great. It is a hang-over from the static/thread storage area days of the past. **It cannot be unit tested**. – Aliostad Apr 27 '12 at 15:51

How is User Identity | Principal set during the application lifecycle

2 Answers2