Hi,
I'm doing some research on MVC and started by following instructions from Using CSLA 4: ASP.Net MVC E-Book...
Right after login process, AuthenticateRequest event is raised on Global.asax which is fine, but the thing is that at this point, the Csla.ApplicationContext.User object is always Empty, even when login ends up right.
Any idea ?
Thanks in advance!
Jean Paul
You have to set Csla.ApplicationContext.User to a value in global.asax, it is not automatic.
As you know, web servers don't maintain anything in memory from page request to page request (unless you use Session). So at the start of each page request, it is entirely up to you to restore values like ApplicationContext.User to a meaningful value.
Thanks Rocky,
I finally got there somehow... But I'm still confused about this specific section of the Ebook. (Revision: 0.2 (Draft))
Chapter 3 Page 86:
The Global.asax.cs file contains the following code:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (Csla.ApplicationContext.User != null &&
Csla.ApplicationContext.User.Identity.IsAuthenticated &&
Csla.ApplicationContext.User.Identity is FormsIdentity)
{
ProjectTracker.Library.Security.PTPrincipal.Load(Csla.ApplicationContext.User.Identity.Name);
}
}
If Csla.ApplicationContext.USer will always be null, What's the point of this piece of code?
I did this (In Visual Basic):
Private Sub MvcApplication_AuthenticateRequest(sender As Object, e As System.EventArgs) Handles Me.AuthenticateRequest
Dim authCookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
If authCookie IsNot Nothing Then
Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
If ticket IsNot Nothing AndAlso ticket.Name <> String.Empty Then
MultiCob.Infrastructure.Security.MultiCobPrincipal.Load(ticket.Name)
End If
End If
End Sub
It won't always be null. It can be a principal that points to a FormsIdentity if your web site is configured to use forms authentication.
If you configure your web site to use forms authentication then ASP.NET will automatically create a super-small FormsIdentity object for your app. It will also automatically recreate this identity object on each page request by pulling the user id out of the ASP.NET authentication cookie.
Of course this FormsIdentity is basically useless to you because it won't have your roles or other custom data. But it will have the username, so you can use that to recreate your own identity object.
And this will only exist at all if you are using forms authentication, otherwise ASP.NET won't instantiate the object at all.
Well... That's not entirely true either, because you can also configure ASP.NET to do impersonation, in which case it would be a WindowsIdentity.
OK, but basically there's no loss in my approach... I mean, I'm doing "by hand" what the best configuration scenario might offer me in this case.
Do you agree?
Thanks for your time and cooperation!
Yes, right.
Copyright (c) Marimer LLC