What is Thread.CurrentPrincipal used for? How does it help in the Authentication and Authorization of an application? Are there any articles or resources that help explain what it does?
Asked
Active
Viewed 1.8k times
31
KyleMit
- 30,350
- 66
- 462
- 664
user1844634
- 1,221
- 2
- 17
- 35
1 Answers
31
Thread.CurrentPrincipal is the way .NET applications represent the identity of the user or service account running the process.
It can hold one or more identities and allows the application to check if the principal is in a role through the IsInRole method.
Most authentication libraries in .NET will verify the user's credentials and set this static property on the Thread class to a new principal object.
Different threads can have different principals as they may be handling requests from different users (in ASP.NET web applications HttpContext.User is copied into Thread.CurrentPrincipal for each new request)
Since .NET 4.5, all principal classes derive from ClaimsPrincipal, enabling claims based authentication.
UPDATE:
This is what a WindowsPrincipal looks like on my dev box:
MvdD
- 22,082
- 8
- 65
- 93
-
Suppose if a user is logged into the application using windows authentication. how we can represent the Thread.CurrentPrincipal . What all are properties it contains. – user1844634 Jan 23 '16 at 18:36
-
The Thread.CurrentPrincipal will be populated with a WindowsPrincipal object. It contains among other claims things like the UPN and groups the principal is a member of. – MvdD Jan 23 '16 at 19:52
-
Could u elaborate bit more please – user1844634 Jan 24 '16 at 08:04
-
Not sure what you're looking for. I've added a picture of a WindowsPrincipal from a ASP.NET app I threw together. You can easily experiment with this yourself if you have a machine with Visual Studio in a Active Directory domain. Just create a new ASP.NET MVC app and change the authentication to Windows authentication. – MvdD Jan 24 '16 at 22:58