I am confused as to whether or not it is safe to set the Thread.CurrentPrincipal equal to the signed-in user in an MVC application, i.e. so that I can perform authorization checks in my service layer?

This Stack Overflow post recommends doing this, but in this post the author suggests that there are issues with setting Thread.CurrentPrincipal. What exactly are these issues?

Also, would I need to set the Thread.CurrentPrincipal for every request made by a logged-in user?

Cool Breeze
  • What kind of authentication are you using? – Daniel Oliveira Jun 10 '15 at 00:35
  • Forms based authentication using ASP.NET Identity. Also using external providers e.g. Facebook. – Cool Breeze Jun 10 '15 at 04:49
  • I think the first question is kind of subjective. Personally, I see no problem in using CurrentPrincipal in the service layer. Is Thread.CurrentPrincipal null in your debug? ASP.NET Identity should already set it for you, if I'm not wrong. – Daniel Oliveira Jun 10 '15 at 14:32

0 Answers