Chapter 34. How to Track Client Identity Using Thread.CurrentPrincipal

There's a simple pattern for using this property. Plumbing sets it, and application code reads it. The most common example of this is the ASP.NET plumbing that sets Thread.CurrentPrincipal.[1] The page (application code) can then read the value any time it needs to make an authorization check against its client. Here's the basic idea.

using System.Threading;  // Thread.CurrentPrincipal

// plumbing provided by a framework like ASP.NET
class Plumbing {
  ApplicationCode appCode;

  public void DoHeavyLiftingThenCallAppCode() {
    // plumbing...
    Thread.CurrentPrincipal = _authenticateUserSomehow();
    // more plumbing...

    appCode.RunBusinessLogic();
  }
}

// application code provided by developer (e.g., ASPX page)
class ApplicationCode {
  public ...
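
The plumbing-sets, application-reads pattern described above, carried through to an authorization check. This is an added example, not code from the book: the names ReportPage and Handle, the "Managers" role and the sample users are constructed, and GenericPrincipal stands in for whatever principal real authentication plumbing would produce.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Application code: reads the principal, never sets it.
static class ReportPage {
    public static string Render() {
        IPrincipal caller = Thread.CurrentPrincipal;
        // Fail closed: no principal or an unauthenticated identity gets nothing.
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
            throw new SecurityException("authentication required");
        if (!caller.IsInRole("Managers"))   // constructed role name
            throw new SecurityException(caller.Identity.Name + " is not a manager");
        return "salary report for " + caller.Identity.Name;
    }
}

// Plumbing: sets the principal, calls the application code, then restores it.
static class Plumbing {
    public static string Handle(string user, string[] roles) {
        IPrincipal previous = Thread.CurrentPrincipal;
        try {
            // Stand-in for real authentication; a null user models an anonymous request.
            IIdentity id = user == null
                ? new GenericIdentity("")
                : new GenericIdentity(user, "Constructed");
            Thread.CurrentPrincipal = new GenericPrincipal(id, roles);
            return ReportPage.Render();
        } catch (SecurityException e) {
            return "denied: " + e.Message;
        } finally {
            // Pooled threads are reused; don't leave this client's identity behind.
            Thread.CurrentPrincipal = previous;
        }
    }
}

static class Program {
    static void Main() {
        Console.WriteLine(Plumbing.Handle("alice", new[] { "Managers" }));
        Console.WriteLine(Plumbing.Handle("bob", new[] { "Staff" }));
        Console.WriteLine(Plumbing.Handle(null, new string[0]));
    }
}
```

The application code checks IsAuthenticated before IsInRole because a principal object can be present on the thread without representing an authenticated client.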
