Where should I be retrieving the user principal in an ASP.NET Web Forms app?

Question

Assuming a fairly general use case in an ASP.NET Web Forms application, where should I be retrieving my principal + identity?

I'm aware that there are generally two ways to go about it:

HttpContext.Current.User
Thread.CurrentPrincipal

I'm speculating that using HttpContext will run the risk of a current context not existing (i.e. HttpContext.Current == null) on some edge cases, but I more often see code that use this instead of Thread.CurrentPrincipal (which I assume is safer, as it should always exist?).

Why is this? What implications am I getting myself into if I pick one or the other?

Here you go: http://www.hanselman.com/blog/SystemThreadingThreadCurrentPrincipalVsSystemWebHttpContextCurrentUserOrWhyFormsAuthenticationCanBeSubtle.aspx — Simon Whitehead, Aug 01 '13 at 05:33
Awesome. If you'd like to wing that in as a formal answer, I'll gladly accept it. — Richard Neil Ilagan, Aug 02 '13 at 00:18

score 1 · Accepted Answer · answered Aug 02 '13 at 00:24

Rep whoring here I come :)

Mr. Hanselman has already blogged about this here: http://www.hanselman.com/blog/SystemThreadingThreadCurrentPrincipalVsSystemWebHttpContextCurrentUserOrWhyFormsAuthenticationCanBeSubtle.aspx

The basic idea is that 99% of the time.. they are the same.. although it's possible to change them.

Where should I be retrieving the user principal in an ASP.NET Web Forms app?

1 Answers1