0

I am working on an intranet site with Windows Authentication for logins. However, I want to extend the IPrincipal to have other properties. For instance, I'd like to get the user's FirstName in @User.FirstName or User.AuthorizedActivity("Admin/Permissions/Edit") (would retrieve from db) using activities instead of roles to hide certain links, etc. I am really having a heck of a time figuring this out over the past 2 days and find much information doing this with Windows Authentication.

My CustomPrincipal and BaseViewPage setup:

namespace Intranet_v2.Helpers
{ 
    public interface ICustomPrincipal : IPrincipal
    {
        Guid UserGuid { get; set; }
        string FirstName { get; set; }
        string LastName { get; set; }
        string FullName { get; set; }
    }

    public class CustomPrincipal : ICustomPrincipal
    {
        public IIdentity Identity { get; private set; }
        public bool IsInRole(string role) { return false; }

        public CustomPrincipal(string identity)
        {
            this.Identity = new GenericIdentity(identity);
        }

        public Guid UserGuid { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string FullName { get; set; }
    }

    public class CustomPrincipalSerializeModel
    {
        public Guid UserGuid { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string FullName { get; set; }
    }

    public class BaseController : Controller
    {
        protected virtual new CustomPrincipal User
    {   
            get { return HttpContext.User as CustomPrincipal; }
        }
    }

    public abstract class BaseViewPage : WebViewPage
    {
        public virtual new CustomPrincipal User
        {
            get { return base.User as CustomPrincipal; }
        }
    }

    public abstract class BaseViewPage<TModel> : WebViewPage<TModel>
    {
        public virtual new CustomPrincipal User
        {
            get { return base.User as CustomPrincipal; }
        }
    }
}

Views Web.Config BaseViewPage:

<system.web.webPages.razor>
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<pages pageBaseType="Intranet_v2.Helpers.BaseViewPage">
  <namespaces>
    <add namespace="System.Web.Mvc" />
    <add namespace="System.Web.Mvc.Ajax" />
    <add namespace="System.Web.Mvc.Html" />
    <add namespace="System.Web.Optimization"/>
    <add namespace="System.Web.Routing" />
    <add namespace="Intranet_v2" />
  </namespaces>
</pages>

I think my main problem is I have no idea what to do in the protected void Application_PostAuthenticateRequest(object sender, EventArgs args) for my Global.asax.cs file. I have a poor attempt at setting it up here:

protected void Application_PostAuthenticateRequest(object sender, EventArgs args)
{
    //var application = (HttpApplication)sender;
    var context = application.Context;

    if (context.User != null || !context.User.Identity.IsAuthenticated) return;

    var formsIdentity = (FormsIdentity)context.User.Identity;

    if (formsIdentity == null) return;

    var ticket = formsIdentity.Ticket;


    JavaScriptSerializer serializer = new JavaScriptSerializer();

    CustomPrincipalSerializeModel serializeModel = serializer.Deserialize<CustomPrincipalSerializeModel>(ticket.UserData);

    CustomPrincipal newUser = new CustomPrincipal(ticket.Name);
    newUser.UserGuid = serializeModel.UserGuid;
    newUser.FirstName = serializeModel.FirstName;
    newUser.LastName = serializeModel.LastName;
    newUser.FullName = serializeModel.FullName;

    var values = ticket.UserData.Split('|');

    var roles = values[1].Split(',');

    context.User = new GenericPrincipal(new GenericIdentity(ticket.Name, "Forms"), roles);
}

Now I'm at the point where @User.Name is now null. I'm in way over my head on this. Any help is appreciated. My protected void Application_PostAuthenticateRequest(object sender, EventArgs args) is completely out of wack.

All I want to do is rely on Windows Authentication to do what it does normally and add a few extra properties to the HttpContext.Current.User. Any help is appreciated... I can't be the only one trying to do this.

justiceorjustus
  • 2,017
  • 1
  • 19
  • 42

1 Answers1

1

What I normally do is just request the additional user information later. For instance, using an Extension method like:

public static class PrincipalExtensions
{
   private static void Initialize(string userName)
   {
      var userRecord = //Get user information from DB;

      var session = HttpContext.Current.Session;
      if (session != null)
      {
         session.Add("UserID", userRecord.ID);
         session.Add("UserEmail", userRecord.Email);
         //And so on
      }
   }

   public static long? GetUserID(this IPrincipal user)
   {
      var id = HttpContext.Current.Session["UserID"] as long?;
      if (id == null)
        Initialize();

      return (long)HttpContext.Current.Session["UserID"];
   }
}

This is roughly what I implement in some of my projects; rather than tapping into the login process and store it in the cookie, the system can lazy load the information and cache in session when the information is needed.

Brian Mains
  • 50,520
  • 35
  • 148
  • 257
  • How do I get this to work so I can access ``GetUserID`` in a view, for example? I'd like to hide some elements from users lacking the correct permissions. – justiceorjustus May 15 '17 at 19:17
  • The idea is that GetUserID() is an extension method on the IPrincipal, so in a view, you have to make sure the namespace is available so that it can see the extension. It will then work like `this.User.GetUserID()`. – Brian Mains May 16 '17 at 15:32
  • Yes! It did, in fact, work in the view as it should have originally. I ran into the "hey, you made so many major changes in your project that intellisense is going to be a jerk" issue. Restarted Visual Studio and it picked it up in the view as expected. Thank you! – justiceorjustus May 16 '17 at 19:55