ASP NET MVC - Set custom IIdentity or IPrincipal

Question

I need to do something fairly simple  in my ASP NET MVC application  I want to set a custom IIdentity   IPrincipal  Whichever is easier   more suitable  I want to extend the default so that I can call something like User Identity Id and User Identity Role  Nothing fancy  just some extra properties   I ve read tons of articles and questions but I feel like I m making it harder than it actually is  I thought it would be easy  If a user logs on  I want to set a custom IIdentity  So I thought  I will implement Application PostAuthenticateRequest in my global asax  However  that is called on every request  and I don t want to do a call to the database on every request which would request all the data from the database and put in a custom IPrincipal object  That also seems very unnecessary  slow  and in the wrong place  doing database calls there  but I could be wrong  Or where else would that data come from   So I thought  whenever a user logs in  I can add some necessary variables in my session  which I add to the custom IIdentity in the Application PostAuthenticateRequest event handler  However  my Context Session is null there  so that is also not the way to go   I ve been working on this for a day now and I feel I m missing something  This shouldn t be too hard to do  right  I m also a bit confused by all the  semi related stuff that comes with this  MembershipProvider  MembershipUser  RoleProvider  ProfileProvider  IPrincipal  IIdentity  FormsAuthentication     Am I the only one who finds all this very confusing   If someone could tell me a simple  elegant  and efficient solution to store some extra data on a IIdentity without all the extra fuzz   that would be great  I know there are similar questions on SO but if the answer I need is in there  I must ve overlooked

User · Answer

Here is a solution if you need to hook up some methods to @User for use in your views. No solution for any serious membership customization, but if the original question was needed for views alone then this perhaps would be enough. The below was used for checking a variable returned from a authorizefilter, used to verify if some links wehere to be presented or not(not for any kind of authorization logic or access granting).

using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Security.Principal;

    namespace SomeSite.Web.Helpers
    {
        public static class UserHelpers
        {
            public static bool IsEditor(this IPrincipal user)
            {
                return null; //Do some stuff
            }
        }
    }

Then just add a reference in the areas web.config, and call it like below in the view.

@User.IsEditor()

User · Answer

Here is an example to get the job done  bool isValid is set by looking at some data store  lets say your user data base   UserID is just an ID i am maintaining  You can add aditional information like email address to user data   protected void btnLogin Click object sender  EventArgs e                   Hard Coded for the moment     bool isValid true      if  isValid                  string userData   String Empty           userData   userData    UserID     userID           FormsAuthenticationTicket ticket   new FormsAuthenticationTicket 1  username  DateTime Now  DateTime Now AddMinutes 30   true  userData            string encTicket   FormsAuthentication Encrypt ticket            HttpCookie faCookie   new HttpCookie FormsAuthentication FormsCookieName  encTicket            Response Cookies Add faCookie              And send the user where they were heading          string redirectUrl   FormsAuthentication GetRedirectUrl username  false            Response Redirect redirectUrl              in the golbal asax add the following code to retrive your information  protected void Application AuthenticateRequest Object sender  EventArgs e        HttpCookie authCookie   Request Cookies               FormsAuthentication FormsCookieName       if authCookie    null                  Extract the forms authentication cookie         FormsAuthenticationTicket authTicket                   FormsAuthentication Decrypt authCookie Value              Create an Identity object           CustomIdentity implements System Web Security IIdentity         CustomIdentity id   GetUserIdentity authTicket Name             CustomPrincipal implements System Web Security IPrincipal         CustomPrincipal newUser   new CustomPrincipal            Context User   newUser            When you are going to use the information later  you can access your custom principal as follows     CustomPrincipal this User or   CustomPrincipal this Context User   this will allow you to access custom user information

User · Answer

Here s how I do it   I decided to use IPrincipal instead of IIdentity because it means I don t have to implement both IIdentity and IPrincipal    Create the interface  interface ICustomPrincipal   IPrincipal       int Id   get  set        string FirstName   get  set        string LastName   get  set       CustomPrincipal  public class CustomPrincipal   ICustomPrincipal       public IIdentity Identity   get  private set        public bool IsInRole string role    return false         public CustomPrincipal string email                this Identity   new GenericIdentity email              public int Id   get  set        public string FirstName   get  set        public string LastName   get  set       CustomPrincipalSerializeModel - for serializing custom information into userdata field in FormsAuthenticationTicket object   public class CustomPrincipalSerializeModel       public int Id   get  set        public string FirstName   get  set        public string LastName   get  set       LogIn method - setting up a cookie with custom information  if  Membership ValidateUser viewModel Email  viewModel Password         var user   userRepository Users Where u   gt  u Email    viewModel Email  First         CustomPrincipalSerializeModel serializeModel   new CustomPrincipalSerializeModel        serializeModel Id   user Id      serializeModel FirstName   user FirstName      serializeModel LastName   user LastName       JavaScriptSerializer serializer   new JavaScriptSerializer         string userData   serializer Serialize serializeModel        FormsAuthenticationTicket authTicket   new FormsAuthenticationTicket               1               viewModel Email               DateTime Now               DateTime Now AddMinutes 15                false               userData        string encTicket   FormsAuthentication Encrypt authTicket       HttpCookie faCookie   new HttpCookie FormsAuthentication FormsCookieName  encTicket       Response Cookies Add faCookie        return RedirectToAction  Index    Home       Global asax cs - Reading cookie and replacing HttpContext User object  this is done by overriding PostAuthenticateRequest  protected void Application PostAuthenticateRequest Object sender  EventArgs e        HttpCookie authCookie   Request Cookies FormsAuthentication FormsCookieName        if  authCookie    null                FormsAuthenticationTicket authTicket   FormsAuthentication Decrypt authCookie Value            JavaScriptSerializer serializer   new JavaScriptSerializer             CustomPrincipalSerializeModel serializeModel   serializer Deserialize lt CustomPrincipalSerializeModel gt  authTicket UserData            CustomPrincipal newUser   new CustomPrincipal authTicket Name           newUser Id   serializeModel Id          newUser FirstName   serializeModel FirstName          newUser LastName   serializeModel LastName           HttpContext Current User   newUser           Access in Razor views     User as CustomPrincipal  Id     User as CustomPrincipal  FirstName     User as CustomPrincipal  LastName     and in code        User as CustomPrincipal  Id      User as CustomPrincipal  FirstName      User as CustomPrincipal  LastName   I think the code is self-explanatory  If it isn t  let me know   Additionally to make the access even easier you can create a base controller and override the returned User object  HttpContext User    public class BaseController   Controller       protected virtual new CustomPrincipal User               get   return HttpContext User as CustomPrincipal              and then  for each controller   public class AccountController   BaseController                  which will allow you to access custom fields in code like this   User Id User FirstName User LastName   But this will not work inside views  For that you would need to create a custom WebViewPage implementation   public abstract class BaseViewPage   WebViewPage       public virtual new CustomPrincipal User               get   return base User as CustomPrincipal             public abstract class BaseViewPage lt TModel gt    WebViewPage lt TModel gt        public virtual new CustomPrincipal User               get   return base User as CustomPrincipal              Make it a default page type in Views web config    lt pages pageBaseType  Your Namespace BaseViewPage  gt     lt namespaces gt       lt add namespace  System Web Mvc    gt       lt add namespace  System Web Mvc Ajax    gt       lt add namespace  System Web Mvc Html    gt       lt add namespace  System Web Routing    gt     lt  namespaces gt   lt  pages gt    and in views  you can access it like this    User FirstName  User LastName

User · Answer

I can t speak directly for ASP NET MVC  but for ASP NET Web Forms  the trick is to create a FormsAuthenticationTicket and encrypt it into a cookie once the user has been authenticated  This way  you only have to call the database once  or AD or whatever you are using to perform your authentication   and each subsequent request will authenticate based on the ticket stored in the cookie   A good article on this  http   www ondotnet com pub a dotnet 2004 02 02 effectiveformsauth html  broken link   Edit   Since the link above is broken  I would recommend LukeP s solution in his answer above  https   stackoverflow com a 10524305 - I would also suggest that the accepted answer be changed to that one   Edit 2  An alternative for the broken link  https   web archive org web 20120422011422 http   ondotnet com pub a dotnet 2004 02 02 effectiveformsauth html

User · Answer

Based on LukeP s answer  and add some methods to setup timeout and requireSSL cooperated with Web config   The references links   MSDN  Explained  Forms Authentication in ASP NET 2 0 MSDN  FormsAuthentication Class SO   net Access Forms authentication    timeout    value in code   Modified Codes of LukeP  1  Set timeout based on Web Config  The FormsAuthentication Timeout will get the timeout value  which is defined in web config  I wrapped the followings to be a function  which return a ticket back   int version   1  DateTime now   DateTime Now      respect to the  timeout  in Web config  TimeSpan timeout   FormsAuthentication Timeout  DateTime expire   now Add timeout   bool isPersist   false   FormsAuthenticationTicket ticket   new FormsAuthenticationTicket       version                 name       now       expire       isPersist       userData     2  Configure the cookie to be secure or not  based on the RequireSSL configuration   HttpCookie faCookie   new HttpCookie FormsAuthentication FormsCookieName  encTicket      respect to  RequreSSL  in  Web Config  bool bSSL   FormsAuthentication RequireSSL  faCookie Secure   bSSL

User · Answer

All right  so i m a serious cryptkeeper here by dragging up this very old question  but there is a much simpler approach to this  which was touched on by  Baserz above   And that is to use a combination of C  Extension methods and caching  Do NOT use session    In fact  Microsoft has already provided a number of such extensions in the Microsoft AspNet Identity IdentityExtensions namespace   For instance  GetUserId   is an extension method that returns the user Id   There is also GetUserName   and FindFirstValue    which returns claims based on the IPrincipal   So you need only include the namespace  and then call User Identity GetUserName   to get the users name as configured by ASP NET Identity   I m not certain if this is cached  since the older ASP NET Identity is not open sourced  and I haven t bothered to reverse engineer it   However  if it s not then you can write your own extension method  that will cache this result for a specific amount of time

User · Answer

As an addition to LukeP code for Web Forms users  not MVC  if you want to simplify the access in the code behind of your pages  just add the code below to a base page and derive the base page in all your pages   Public Overridable Shadows ReadOnly Property User   As CustomPrincipal     Get         Return DirectCast MyBase User  CustomPrincipal      End Get End Property   So in your code behind you can simply access      User FirstName or User LastName   What I m missing in a Web Form scenario  is how to obtain the same behaviour in code not tied to the page  for example in httpmodules should I always add a cast in each class or is there a smarter way to obtain this   Thanks for your answers and thank to LukeP since I used your examples as a base for my custom user  which now has User Roles  User Tasks  User HasPath int    User Settings Timeout and many other nice things

User · Answer

I tried the solution suggested by LukeP and found that it doesn t support the Authorize attribute  So  I modified it a bit   public class UserExBusinessInfo       public int BusinessID   get  set        public string Name   get  set       public class UserExInfo       public IEnumerable lt UserExBusinessInfo gt  BusinessInfo   get  set        public int  CurrentBusinessID   get  set       public class PrincipalEx   ClaimsPrincipal       private readonly UserExInfo userExInfo      public UserExInfo UserExInfo   gt  userExInfo       public PrincipalEx IPrincipal baseModel  UserExInfo userExInfo            base baseModel                this userExInfo   userExInfo           public class PrincipalExSerializeModel       public UserExInfo UserExInfo   get  set       public static class IPrincipalHelpers       public static UserExInfo ExInfo this IPrincipal  this    gt    this as PrincipalEx   UserExInfo           HttpPost       AllowAnonymous       ValidateAntiForgeryToken      public async Task lt ActionResult gt  Login LoginModel details  string returnUrl                if  ModelState IsValid                        AppUser user   await UserManager FindAsync details Name  details Password                if  user    null                                ModelState AddModelError      Invalid name or password                               else                               ClaimsIdentity ident   await UserManager CreateIdentityAsync user  DefaultAuthenticationTypes ApplicationCookie                   AuthManager SignOut                    AuthManager SignIn new AuthenticationProperties   IsPersistent   false    ident                    user LastLoginDate   DateTime UtcNow                  await UserManager UpdateAsync user                    PrincipalExSerializeModel serializeModel   new PrincipalExSerializeModel                    serializeModel UserExInfo   new UserExInfo                                         BusinessInfo   await                         db Businesses                          Where b   gt  user Id Equals b AspNetUserID                            Select b   gt  new UserExBusinessInfo   BusinessID   b BusinessID  Name   b Name                             ToListAsync                                       JavaScriptSerializer serializer   new JavaScriptSerializer                     string userData   serializer Serialize serializeModel                    FormsAuthenticationTicket authTicket   new FormsAuthenticationTicket                           1                           details Name                           DateTime Now                           DateTime Now AddMinutes 15                            false                           userData                    string encTicket   FormsAuthentication Encrypt authTicket                   HttpCookie faCookie   new HttpCookie FormsAuthentication FormsCookieName  encTicket                   Response Cookies Add faCookie                    return RedirectToLocal returnUrl                                   return View details           And finally in Global asax cs      protected void Application PostAuthenticateRequest Object sender  EventArgs e                HttpCookie authCookie   Request Cookies FormsAuthentication FormsCookieName            if  authCookie    null                        FormsAuthenticationTicket authTicket   FormsAuthentication Decrypt authCookie Value               JavaScriptSerializer serializer   new JavaScriptSerializer                PrincipalExSerializeModel serializeModel   serializer Deserialize lt PrincipalExSerializeModel gt  authTicket UserData               PrincipalEx newUser   new PrincipalEx HttpContext Current User  serializeModel UserExInfo               HttpContext Current User   newUser                    Now I can access the data in views and controllers simply by calling  User ExInfo     To log out I just call  AuthManager SignOut      where AuthManager is  HttpContext GetOwinContext   Authentication

User · Answer

MVC provides you with the OnAuthorize method that hangs from your controller classes  Or  you could use a custom action filter to perform authorization  MVC makes it pretty easy to do  I posted a blog post about this here  http   www bradygaster com post custom-authentication-with-mvc-3 0

[asp.net] ASP.NET MVC - Set custom IIdentity or IPrincipal

Examples related to asp.net

Examples related to asp.net-mvc

Examples related to forms-authentication

Examples related to iprincipal

Examples related to iidentity