CSLA 2.1.4 (C#): Custom Security

CSLA 2.1.4 (C#): Custom Security

Old forum URL: forums.lhotka.net/forums/t/3168.aspx

cjherasmus posted on Wednesday, July 11, 2007

Hi,

Instead of logging into the application as described in the book, I've changed my application to have the user log in before the application starts. I'm running everything on a pc as stand-alone like in the book.

Everything seems to be working and the user logging in is correctly authenticated, etc.

However, I would like to display user info as does the book, but the line:

System.Security.Principal.IPrincipal user = CSLA.ApplicationContext.User;

does not return the current logged in user info that was successfully authenticated, but returns null for Name and False for IsAuthenticated and no value for AuthenticationType.

If I understand correctly, running everything local, means I run outside ASP.NET, therefor I will not use HTTPContext. I've debugged and found this to be true when going through the User property in CSLA.ApplicationContext.

if (HttpContext.Current == null)

yields true and therefor Thread.CurrentPrincipal is returned. When I have a look at the Name, IsAuthenticated and AuthenticationType properties during debugging, there are no values and IsAuthenticated is false. This means that at this point the Thread.CurrentPrincipal has not been initialized or lost it's data.

How can this happen ?

Regards,

RockfordLhotka replied on Wednesday, July 11, 2007

The .NET principal object is per-thread. So if you log in the user "before the application starts" then, by definition, you've set the principal on some other thread (in another process no less).

cjherasmus replied on Thursday, July 12, 2007

Hi Rocky,

My Main() looks like this:

static void Main()
{
  Application.EnableVisualStyles();
  Application.SetCompatibleTextRenderingDefault(false);
  LoginForm login = new LoginForm();
  if (login.ShowDialog() == DialogResult.OK)
 {
   Application.Run(new MainForm());
 }
 else
 {
   Application.Exit();
 }
}

surely, the LoginForm is part of the application and should be running on the same thread.

I assume then that ApplyAuthorizationRules() would also not work because I would not be able to access the current user id from CSLA.ApplicationContext.User.

Regards,

RockfordLhotka replied on Thursday, July 12, 2007

Hmm, then I don’t know the answer.

 

There should be no thread switch involved, so that shouldn’t be the issue.

 

Perhaps Application.Run() clears the principal object before launching the app?

 

I know in VB, the application object has settings that control whether you are using a Windows or custom principal. I didn’t think C# had that feature, but perhaps it does?

 

Rocky

 

From: cjherasmus [mailto:cslanet@lhotka.net]
Sent: Thursday, July 12, 2007 12:49 AM
To: rocky@lhotka.net
Subject: Re: [CSLA .NET] CSLA 2.1.4 (C#): Custom Security

 

Hi Rocky,

My Main() looks like this:

static void Main()
{
  Application.EnableVisualStyles();
  Application.SetCompatibleTextRenderingDefault(false);
  LoginForm login = new LoginForm();
  if (login.ShowDialog() == DialogResult.OK)
 {
   Application.Run(new MainForm());
 }
 else
 {
   Application.Exit();
 }
}

surely, the LoginForm is part of the application and should be running on the same thread.

I assume then that ApplyAuthorizationRules() would also not work because I would not be able to access the current user id from CSLA.ApplicationContext.User.

Regards,



cjherasmus replied on Friday, July 13, 2007

Rocky,

Not to worry. I found the problem. I made a stupid mistake when I re-indented the CSLA.ApplicationContext class to fit our coding standards and guidelines. It is working now.

Thanks for your time, I appreciated it.

Regards,

PS: Maybe, one day I'll send you a slide-show of how I'm using CSLA in a scientific environment. It's quite hectic coding.

Copyright (c) Marimer LLC