difference between http.context.user and thread.currentprincipal and when to use them?

Posted by yamspog on Stack Overflow See other posts from Stack Overflow or by yamspog
Published on 2010-06-16T23:36:38Z Indexed on 2010/06/16 23:52 UTC
Read the original article Hit count: 239

Filed under:
|
|
|

I have just recently run into an issue running an asp.net web app under visual studio 2008. I get the error 'type is not resolved for member...customUserPrincipal'. Tracking down various discussion groups it seems that there is an issue with Visual Studio's web server when you assign a custom principal against the Thread.CurrentPrincipal.

In my code, I now use...

HttpContext.Current.User = myCustomPrincipal
//Thread.CurrentPrincipal = myCustomPrincipal

I'm glad that I got the error out of the way, but it begs the question "What is the difference between these two methods of setting a principal?". There are other stackoverflow questions related to the differences but they don't get into the details of the two approaches.

I did find one tantalizing post that had the following grandiose comment but no explanation to back up his assertions...

Use HttpConext.Current.User for all web (ASPX/ASMX) applications.

Use Thread.CurrentPrincipal for all other applications like winForms, console and windows service applications.

Can any of you security/dot.net gurus shed some light on this subject?

© Stack Overflow or respective owner

Related posts about c#

Related posts about ASP.NET