My.User.IsInRole vs Csla.ApplicationContext.User.IsInRoleMy.User.IsInRole vs Csla.ApplicationContext.User.IsInRole
Old forum URL: forums.lhotka.net/forums/t/4227.aspx
JohnB posted on Thursday, January 24, 2008
I have custom authentication wired up in my application and I was testing the different methods to check for IsInRole. Let me first state that when authenticating the user I set the Csla.ApplicationContext.User to my custom authenticated principal object like such:
'------------
Dim pPrincipal As DSPrincipal = New DSPrincipal(userIdentity)
Csla.ApplicationContext.User = pPrincipal
'------------
Public Property User() As IPrincipal
Get
If HttpContext.Current Is Nothing Then
Return Thread.CurrentPrincipal
Else
Return HttpContext.Current.User
End If
End Get
Set(ByVal value As IPrincipal)
If HttpContext.Current IsNot Nothing Then
HttpContext.Current.User = value
End If
Thread.CurrentPrincipal = value
End Set
End Property
If I call Csla.ApplicationContext.User.IsInRole, the code above will execute. If I call My.User.IsInRole, it does not.
Please correct me if I am wrong but my
understanding of using the Csla.ApplicationContext.User.IsInRole is
that it would work both in a WinForms app as well as in a Web app.
So is it safe to say that I should not use My.User.IsInRole within my business objects?
Thanks,
John
RockfordLhotka replied on Thursday, January 24, 2008
My.User is governed by a setting in the project properties dialog. If you are going to use custom principals, you need to tell VB that's what you are doing, otherwise it gives you the Windows principal.RockfordLhotka replied on Thursday, January 24, 2008
Oh, but it is true that you should NOT use My.User in a Class Library. It should only be used in a Windows Forms project. A business class library assembly could easily be used on a web server (and will be if you use a remote data portal) and then My.User is unreliable because it doesn't have (to my knowledge) the same logic as Csla.ApplicationContext.User to understand the different environment.JohnB replied on Thursday, January 24, 2008
Thanks!Copyright (c) Marimer LLC