What is the difference between HttpContext.Current.User and System.Threading.CurrentPrincipal for an aspx page on a Windows 7 IIS running with Windows Authentication? What are the situations when these two will be different.
None in theory. For .NET, Thread.CurrentPrincipal is always the "goto" place to find out who the current user is. When ASP.NET was developed they wanted a slightly more convenient place to access this information, so they made HttpContext.User (and yes,
it is redundant). So they're always supposed to be in sync.
If you ever write any code to assign either of these, then you should set both. An example of this would be assiging roles for a user in Application_PostAuthenticateRequest. If you mess that up, then that's the scenario where these would not be the same
value and I would consider that a bug.
hc1
Member
199 Points
234 Posts
HttpContext.Current.User and System.Threading.CurrentPrincipal
Feb 25, 2012 10:54 AM|LINK
What is the difference between HttpContext.Current.User and System.Threading.CurrentPrincipal for an aspx page on a Windows 7 IIS running with Windows Authentication? What are the situations when these two will be different.
Thanks.
BrockAllen
All-Star
28134 Points
4997 Posts
MVP
Re: HttpContext.Current.User and System.Threading.CurrentPrincipal
Feb 25, 2012 02:20 PM|LINK
None in theory. For .NET, Thread.CurrentPrincipal is always the "goto" place to find out who the current user is. When ASP.NET was developed they wanted a slightly more convenient place to access this information, so they made HttpContext.User (and yes, it is redundant). So they're always supposed to be in sync.
If you ever write any code to assign either of these, then you should set both. An example of this would be assiging roles for a user in Application_PostAuthenticateRequest. If you mess that up, then that's the scenario where these would not be the same value and I would consider that a bug.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/