Reputation: 2201
HttpContext has a User property which is of the IPrincipal type. From the MS documentation I know the property might be set by HTTP modules such as WindowsAuthenticationModule or FormsAuthenticationModule. But, for example, this is the code of WindowsAuthenticationModule:
WindowsPrincipal user = context.User as WindowsPrincipal;
if (user != null) {/* code... */}
It's interesting that if the condition is false (user is null or user has another type, not WindowsPrincipal), then WindowsAuthenticationModule returns control (for the integrated mode pipeline of IIS). I have the following questions:
1. After IIS authenticates the client (as an anonymous or authenticated user, as it was configured), it will pass a security token to ASP.NET. Our application in any case wraps this token in WindowsIdentity and WindowsPrincipal objects. It happens before authentication modules begin implementing. Is this true?
2. If 1 is true, where is the HttpContext.User property set initially?
3. If 1 is true, when is HttpContext.User null? I guess it might be if I configure Web.config:
<authentication mode="None" />
Am I right?
Upvotes: 2
Views: 597
Reputation: 197
In most cases, HttpContext.User is set when the user is authenticated (not anonymously). I know that in FormsAuthentication this happens on FormsAuthentication.SetAuthCookie, and HttpContext.User is set to null when the client logs out and the cookie is cleared.
Upvotes: 0
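One way to observe when HttpContext.User is null and which principal type it holds at each pipeline stage is a small diagnostic module. This is an added example, not code from the question, the answer or the framework; the class name PrincipalTraceModule is hypothetical, and it assumes the module is registered under system.webServer/modules for the integrated pipeline.

```csharp
using System.Diagnostics;
using System.Security.Principal;
using System.Web;

// Hypothetical diagnostic module: traces what HttpContext.User holds at each
// authentication-related stage, so the effect of <authentication mode="..."/>
// and of the IIS authentication settings can be observed directly.
public sealed class PrincipalTraceModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Handlers for one event run in module registration order, so where this
        // module sits relative to the built-in authentication modules decides
        // whether it sees the value before or after they have acted.
        app.BeginRequest            += (s, e) => Log(app, "BeginRequest");
        app.AuthenticateRequest     += (s, e) => Log(app, "AuthenticateRequest");
        app.PostAuthenticateRequest += (s, e) => Log(app, "PostAuthenticateRequest");
        app.AuthorizeRequest        += (s, e) => Log(app, "AuthorizeRequest");
    }

    // Describes a principal without assuming it is non-null or a WindowsPrincipal,
    // mirroring the "as WindowsPrincipal" / null check quoted in the question.
    public static string Describe(IPrincipal user)
    {
        if (user == null)
            return "User=null";

        IIdentity id = user.Identity;
        if (id == null)
            return user.GetType().Name + " (Identity=null)";

        return string.Format(
            "{0}/{1} authType='{2}' isAuthenticated={3} name='{4}' isWindowsPrincipal={5}",
            user.GetType().Name, id.GetType().Name,
            id.AuthenticationType, id.IsAuthenticated, id.Name,
            user is WindowsPrincipal);
    }

    private static void Log(HttpApplication app, string stage)
    {
        // Trace output only; account names are logged, so keep this out of production.
        Trace.WriteLine(stage + ": " + Describe(app.Context.User));
    }

    public void Dispose() { }
}
```

Comparing the trace with authentication mode set to "Windows", "Forms" and "None" shows at which stage the property stops being null and whether the principal is a WindowsPrincipal.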