Autopostback=true for AJAX combo box breaks CSLA authentication

Old forum URL: forums.lhotka.net/forums/t/7576.aspx


joansk8s posted on Friday, September 04, 2009

I'm new to CSLA and am using version 3.7 in a web application for our Intranet.  I have a web form that includes an AJAX Combobox.  The idea is that when a particular value is selected, it should make another control visible.  To do this, I need to set Autopostback=True for the control.  However, it breaks the CSLA authentication I have in place.  The error I get is as follows:

Type is not resolved for member 'HD.Lib.Security.HDPrincipal,HD.Lib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'

If I take the authentication code (below) out of my form, it works fine.  Alternately, if I leave the authentication code in and take out the Autopostback=True, it works fine as well.  Any insights?

Dim oIdentity As Security.HDIdentity
Randomize()

'this assigns the BusinessPrincipal object to My.User.CurrentPrincipal
Dim s As String = User.Identity.Name.Substring(IIf(User.Identity.Name.IndexOf("\") < 0, 0, User.Identity.Name.IndexOf("\") + 1))
Security.HDPrincipal.Login(s)
oIdentity = Security.HDIdentity.GetObject

If oIdentity.IsAuthenticated Then
    Me.ltUserMessage.Text = "Welcome " & Security.HDIdentity.GetObject.Name.ToString & "!<br /><br />"
    Me.ltError.Text = ""

    Session("UserID") = Security.HDIdentity.GetObject.UserID
    sUserName = Security.HDIdentity.GetObject.Name.ToString
Else
    Me.ltUserMessage.Text = ""
    Me.ltError.Text = "Sorry, you do not have access to use this application.  Access is Denied"
    Exit Sub
End If



RockfordLhotka replied on Friday, September 04, 2009

Sometimes AJAX callbacks skip the normal ASP.NET page lifecycle - not setting up things like Session or principal objects.

Obviously this affects any authz model, not just the CSLA model - because CSLA is just using the normal .NET model :)

In many cases there's an attribute or something you can add to your AJAX service to specify that it does need things like Session and a valid principal, so the page lifecycle is invoked on the callback.
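
The reply above, sketched as an added example (not code from the thread or from CSLA): an ASP.NET AJAX script service that opts in to Session through the WebMethod attribute, and a Global.asax handler that puts the stored principal back on each request. AppService, GetGreeting and the "CslaPrincipal" session key are assumed names, and the login code is assumed to have stored the principal object in Session under that key.

```vbnet
' Added illustration; AppService, GetGreeting and the session key are assumed names.
Imports System.Security
Imports System.Security.Principal
Imports System.Threading
Imports System.Web
Imports System.Web.Script.Services
Imports System.Web.Services

' Global.asax code-behind: restore the principal saved at login on every request.
Public Class Global_asax
    Inherits HttpApplication

    Public Const PrincipalKey As String = "CslaPrincipal"

    Protected Sub Application_AcquireRequestState(ByVal sender As Object, ByVal e As EventArgs)
        Dim ctx As HttpContext = HttpContext.Current
        ' Session is Nothing when the current handler did not ask for session state,
        ' which is what happens on a callback that skips the normal page setup.
        If ctx.Session Is Nothing Then Return

        Dim saved As IPrincipal = TryCast(ctx.Session(PrincipalKey), IPrincipal)
        If saved IsNot Nothing Then
            ctx.User = saved
            Thread.CurrentPrincipal = saved
        End If
    End Sub
End Class

<ScriptService()> _
Public Class AppService
    Inherits WebService

    ' EnableSession defaults to False for web methods; without it Session is Nothing here.
    <WebMethod(EnableSession:=True)> _
    Public Function GetGreeting() As String
        Dim ctx As HttpContext = HttpContext.Current
        Dim expected As Object = Nothing
        If ctx.Session IsNot Nothing Then expected = ctx.Session(Global_asax.PrincipalKey)

        ' Fail closed: the request must carry the principal object stored at login,
        ' not whatever identity the host placed on the thread.
        If expected Is Nothing OrElse ctx.User IsNot expected Then
            Throw New SecurityException("No application principal on this request.")
        End If
        Return "Welcome " & ctx.User.Identity.Name
    End Function
End Class
```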

Copyright (c) Marimer LLC