Set HttpContext.User for the session

asp.net-mvc custom-authentication
10,009

Solution 1

Write the following method in the Global.asax's Application class

protected void Application_BeginRequest(Object sender, EventArgs e)
{
   HttpContext.Current.User = HttpContext.Session["CurrentUser"];
}

or you can use the "User" property of System.Web.Mvc.Controller that is inherited to your controllers (note: be sure to call FormsAuthentication.SetAuthCookie method when successfully validate your user login).

Solution 2

The best way to do this is to write a custom authentication module and to hook it into your application. This module will execute before any request and will have a chance to set the HttpContext.User property as appropriate.

For example, consider the Forms Authentication module. Before your HTTP handler runs (be it an .aspx page, the MVC pipeline, etc.), it has a chance to intercept the request. It reads the value of a login cookie, decrypts and verifies the encrypted cookie value, and sets HttpContext.User if the checks pass. That way, when the handler runs and actually processes the request, the User property has already been set correctly.

In the end, what this will look like is that you don't need a custom authorization attribute on ASP.NET, as the [Authorize] attribute already provided in-box should work automatically with your custom authentication module. However, your AccountController.LogOn() method (or whatever you use in lieu of this) will need to communicate with the appropriate authentication provider that generates the token that will be validated by the authentication module. This should be the only place you'd need to write code different than what is provided in-box.

See http://social.msdn.microsoft.com/Search/en-US?query=http%20modules and http://social.msdn.microsoft.com/Search/en-US?query=custom%20authentication%20asp.net for more information.

Share:
10,009
TomG
Author by

TomG

Updated on June 14, 2022

Comments

  • TomG
    TomG almost 2 years

    I've implemented custom authentication in ASP.NET MVC. If a valid user tries to login, I set the HttpContext.User = user in the Logon method of the AccountController. But it remains there for only that request. How can I set it for the session?

    I used an alternative, set HttpContext.Session["CurrentUser"] = user. If I want to see if the session is authorized, I'd have to check that the HttpContext.User != null. But, I don't want to expose the authentication logic everywhere in the application. If I need to change that, it'd be messy.

    Please help me solve this. One solution could be populating the HttpContext.User property of every request with the value of HttpContext.Session["CurrentUser"] at the beginning, but I don't know how to do it.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Custom AuthorizeAttribute with custom authentication
.net core 2.1 VS 2017 basic web api throwing "this site can't be reached"
Instance of 'Future<dynamic>' in Flutter
Modal Pop Up in mvc 5
414 (Request-URI Too Long)
System.Web.HttpContext.Current.get returned null in asp.net mvc controller
Use a shared controller class for entire area?
how to handle click or change event for radiobuttonfor in mvc3
How to render view in same page onclick of link in mvc
MVC3, Razor, Html.TextAreaFor(): adjust height to fit contents