My.User.IsInRole vs Csla.ApplicationContext.User.IsInRole

Old forum URL: forums.lhotka.net/forums/t/4227.aspx


JohnB posted on Thursday, January 24, 2008

I have custom authentication wired up in my application and I was testing the different methods to check for IsInRole. Let me first state that when authenticating the user I set the Csla.ApplicationContext.User to my custom authenticated principal object like such:
'------------
Dim pPrincipal As DSPrincipal = New DSPrincipal(userIdentity)
Csla.ApplicationContext.User = pPrincipal
'------------

Public Property User() As IPrincipal
  Get
    If HttpContext.Current Is Nothing Then
      Return Thread.CurrentPrincipal
    Else
      Return HttpContext.Current.User
    End If
  End Get
  Set(ByVal value As IPrincipal)
    If HttpContext.Current IsNot Nothing Then
      HttpContext.Current.User = value
    End If
    Thread.CurrentPrincipal = value
  End Set
End Property

If I call Csla.ApplicationContext.User.IsInRole, the code above will execute. If I call My.User.IsInRole, it does not.

Please correct me if I am wrong but my understanding of using the Csla.ApplicationContext.User.IsInRole is that it would work both in a WinForms app as well as in a Web app.

So is it safe to say that I should not use My.User.IsInRole within my business objects?

Thanks,
John

RockfordLhotka replied on Thursday, January 24, 2008

My.User is governed by a setting in the project properties dialog. If you are going to use custom principals, you need to tell VB that's what you are doing, otherwise it gives you the Windows principal.

RockfordLhotka replied on Thursday, January 24, 2008

Oh, but it is true that you should NOT use My.User in a Class Library. It should only be used in a Windows Forms project. A business class library assembly could easily be used on a web server (and will be if you use a remote data portal) and then My.User is unreliable because it doesn't have (to my knowledge) the same logic as Csla.ApplicationContext.User to understand the different environment.

JohnB replied on Thursday, January 24, 2008

Thanks!
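
Added example, not part of the original thread and not CSLA code: a role check for a business class library that fails closed when the ambient principal is not the application's own type, which is the situation described above when the Windows principal is still in place. AppPrincipal, IsInAppRole, Describe and the role name are hypothetical; in a CSLA application the argument would be Csla.ApplicationContext.User, and Thread.CurrentPrincipal is used here only so the sample runs without CSLA (Windows only).

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Threading

Module PrincipalGuardDemo
    ' Hypothetical application role name, constructed for this example.
    Private Const ApproverRole As String = "DS-OrderApprover"

    ' Stand-in for a custom principal such as the DSPrincipal in the question
    ' (assumption: the real class also implements IPrincipal).
    Private NotInheritable Class AppPrincipal
        Inherits GenericPrincipal
        Public Sub New(ByVal name As String, ByVal roles As String())
            MyBase.New(New GenericIdentity(name, "Custom"), roles)
        End Sub
    End Class

    ' Fail closed: trust IsInRole only when the principal is the application's
    ' own type and is authenticated. Any other principal (Windows, anonymous,
    ' Nothing) is treated as holding no application roles.
    Public Function IsInAppRole(ByVal principal As IPrincipal, ByVal role As String) As Boolean
        Dim app As AppPrincipal = TryCast(principal, AppPrincipal)
        If app Is Nothing OrElse Not app.Identity.IsAuthenticated Then Return False
        Return app.IsInRole(role)
    End Function

    ' Names the principal type a role check would actually consult; useful in
    ' an authorization log line when a check is denied unexpectedly.
    Public Function Describe(ByVal principal As IPrincipal) As String
        If principal Is Nothing Then Return "(none)"
        Return principal.GetType().Name & "/" & principal.Identity.AuthenticationType
    End Function

    Sub Main()
        ' Windows principal on the thread, before any custom login has run.
        Thread.CurrentPrincipal = New WindowsPrincipal(WindowsIdentity.GetCurrent())
        Dim before As Boolean = IsInAppRole(Thread.CurrentPrincipal, ApproverRole)
        Console.WriteLine("{0}: approver={1}", Describe(Thread.CurrentPrincipal), before)

        ' After custom authentication, mirroring the assignment in the question.
        Thread.CurrentPrincipal = New AppPrincipal("john", New String() {ApproverRole})
        Dim after As Boolean = IsInAppRole(Thread.CurrentPrincipal, ApproverRole)
        Console.WriteLine("{0}: approver={1}", Describe(Thread.CurrentPrincipal), after)
    End Sub
End Module
```

Logging the Describe value alongside a denied check shows at a glance whether the denial came from a missing role or from the wrong principal being resolved.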

Copyright (c) Marimer LLC