Why store HttpContext.Current.User in session

Why store HttpContext.Current.User in session

Old forum URL: forums.lhotka.net/forums/t/4842.aspx


vdhant posted on Wednesday, May 14, 2008

Hi guys

Just a quick question. This isn't strictly related to CSLA and is probably more .net in general but my question is as follows.

When you use forms authentication, we don’t need to store the HttpContext.Current.User in the session ourselves or anything like, .net takes care of remember what role the user is a part of and whether they are authenticated.

When it comes to using your own custom authentication (i.e. PTPrincipal) it remebers between postback that the object type that is in HttpContext.Current.User is PTPrincipal but it doesn't remember wether the user is authenticated or what roles they are in. It is for this reason why I am assuming that in ProjectTracker web the HttpContext.Current.User is pulled in and out of the session.

So why does this occur like this. Why doesn't it store the fact that the user is authenticated like in forms authentication but it stores why type in in HttpContext.Current.User between postbacks.

Cheers
Anthony

vdhant replied on Thursday, May 15, 2008

Anyone got any ideas.

Copyright (c) Marimer LLC