4

Im getting really lost on how to use HttpContext.User. I read everywhere that its great for FormAutherication, but i just cant see how it works. If i do something like this:

ControllerContext.HttpContext.User = new GenericPrincipal(GetUser(username, password), roles);

What does ControllerContext.HttpContext.User contain? and how do i access information about the user this way?

Im think that i have a Action like this:

public User GetUser(string username, string password)
    {
        try
        {
            var user = (from u in dm.Users
                        join r in dm.Roles
                        on u.Role_ID_FK equals r.RoleID
                        where u.Username.Equals(username) && u.Password.Equals(password)
                        select u).Single();

            return user;
        }
        catch (Exception e)
        {
            return null;
        }
    }

And then if i want user information in my view, like the user name or role, i can call ControllerContext.HttpContext.User.Username in my View. But this is diffenrently the wrong way to look at it.

So can you guys give me a kick in the rigth direction or post a link to a site which can?

Improve this question
1
  • 1
    Have you checked the .Net documentation for the HttpContext object? That would be the first place I'd look. Commented Aug 26, 2009 at 15:33

2 Answers 2

Reset to default
9

I'm not sure exactly what you are trying to do with the code you posted, but here's some help with HttpContext.User. In layman's terms it represents the current user requesting the particular page, and actually within your Controller you can just reference it as "User" without the prefix.

User.Identity will let you know if the user is authenticated, and if so their username and how they authenticated (Forms or Windows).

It's generally used to get the username of the user requesting the page so your controller actions can perform the correct duties. Something like:

public ActionResult Index()
{
    //you should probably use the [Authorize] attribute on the Action Method
    //but you could check for yourself whether the user is authenticated...
    if (!User.Identity.IsAuthenticated)
         return RedirectToAction("LogIn");

    MyUser u = repository.GetUser(User.Identity.Name); //lookup user by username
    ViewData["fullname"] = u.FullName; //whatever...
    return View();
}

In this example, if the user hasn't been authenticated, they will be redirected to a LogOn page, and if they have been, the Action method is using the User.Identity.Name (which is the username they logged in with, or their Windows login) to lookup and return an instance of a MyUser object from your database and puts the user's full name in ViewData to be displayed.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

In your login code use:

FormsAuthentication.SetAuthCookie("userName", remeberMe);

to set the authenticated user, then you can use

<%= User.Identity.Name %>
<%= User.IsInRole("role") %>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.