Losing user roles

Losing user roles

Old forum URL: forums.lhotka.net/forums/t/10718.aspx

ballistic posted on Tuesday, September 27, 2011

I have an MVC app with my own custom principal (inherit from CslaPrincipal) and custom identity (since I need to do some extra validation to see if member is allowed to log in).  

When the member logs in, I write the forms auth cookie, which is then read it on each request (Application_OnAuthenticateRequest in Global.asax)

        protected void Application_OnAuthenticateRequest(Object sender, EventArgs e)


            var authHttpCookie = Request.Cookies.Get(FormsAuthentication.FormsCookieName);  // Grab the user's login information from FormsAuth

            if (authHttpCookie == null) return; // If the cookie can't be found, then the ticket was not issued, so exit. No need to continue.


            var formAuthTicket = FormsAuthentication.Decrypt(authHttpCookie.Value);

            var userIdentity = new FormsIdentity(formAuthTicket);  //Note: formAuthTicket.Name contains the Username; formAuthTicket.UserData contains the list of roles

            MediaNaranja.Library.DomainObjects.Security.MnPrincipal.Load(userIdentity.Name, formAuthTicket.UserData);



My load method in Principal creates the identity and parses the list of roles (they are saved as csv). It then sets the user to the newly created principal


                var principal = new GenericPrincipal(mnIdentity, rolesArray);

                Csla.ApplicationContext.User = principal;


Right after I call the load method from Application_OnAuthenticateRequest the expression Csla.ApplicationContext.User.IsInRole("MEMBER") evaluates to true.  On the same page request when I set a breakpoint in the home controller and check IsInRole("MEMBER") it evaluates to false.

I am lost as to where the roles are being lost. Any suggestions?

ballistic replied on Tuesday, September 27, 2011

According to this answer on Stack Overflow , I need to set the Thread.CurrentPrincipal and Context.User.


I wanted to rely strickly on Csla.ApplicationContext.User. Doesn't Csla.ApplicationContext.User set both Principal and User?

RockfordLhotka replied on Tuesday, September 27, 2011

Do you reference Csla.Web.dll from your UI project? You must do this.

The ApplicationContext.User property does the "right thing", but the right thing is different in ASP.NET vs WPF vs SL vs pure .NET.

We supply a "User property provider" for different environments. For example, Csla.Web.dll includes a provider that does the "right thing" in ASP.NET.

But you need to have that assembly in your bin folder for CSLA to find the code.

ballistic replied on Tuesday, September 27, 2011

That was it!! Thank you Rocky.

RockfordLhotka replied on Tuesday, September 27, 2011

Shameless plug: this is covered in the Using CSLA 4: ASP.NET MVC ebook :)

tinchobolivar replied on Thursday, December 13, 2012

Rocky, I have a similar issue with a WPF aplication in .NET 4. Actually a 3 TIER app, with DataPortal running on IIS with WFC.

I'am using CSLA V and everything works fine.

But after updating to CSLA 4.3.13 i have runtime errors because i "lost" the auntenthicated identity.
Is you said before, I tryed referencing "Csla.Windows.dll" to get the correct "User property provider" but i get the same error.

Funny thing is that my code works perfectly with CSLA

Note: I've tryed downloading last version CSLA 4.5 but installer fails on Windows 8. Dont know if is a problem with my pc... I'll continue testing.

Any thoughts?

Thanks a lot




tinchobolivar replied on Thursday, December 13, 2012

Rocky, referencing Csla.Xaml.dll did the trick!

Thanks a lot anywhere...



Copyright (c) Marimer LLC