posted on Wednesday, November 03, 2004 6:48 PM by scotts

My.User.IsInRole thread versus httpcontext

I'm noticing a strange behavior with the My.User.IsInRole. I have a 2005 solution with an asp.net web project and a vb.net class library project. The class library contains business objects, and does not reference system.web. The web app obviously does. When I call My.User.IsInRole("SomeRole") directly from code written in the web project I correctly get a True for the given User/Role. My web project references the class library and calls upon BO's to do some work. Inside a BO, I also use My.User.IsInRole("SomeRole") to check authorization on something before proceeding. When I call My.User.IsInRole from the class library, I get false.

Immediately, the one difference that comes to mind is context. The web app is the overall app domain, and because it is a web app, My.User.IsInRole must be relying on HttpContext.Current.User, while the class library does not reference system.web. I would assume that behind the scenes, My.User must be relying on Threading.Thread.CurrentPrincipal. So with this thought in mind I added a reference to system.web to the class library and set a breakpoint at the line where I was calling My.User.IsInRole. I then entered the immediate window and typed ?Threading.Thread.CurrentPrincipal.IsInRole("SomeRole") and got back false. I then entered ?HttpContext.Current.User.IsInRole("SomeRole"), and sure enough I got back True??? Both returned the same User, so it's not just a matter of the active thread not getting the user set from the httpcontext. So, both returned the same User, but for some reason the User's Roles were not getting set on the User account on the thread...very odd.

To temporarily work around this, I added a line to the global.asax during the AcquireRequestState to set the Threading.Thread.CurrentPrincipal = HttpContext.Current.User. This appears to have temporarily done the trick.

I'll need to research this one a little more, but looks like there might be something odd going on. I did a quick newsgroup search, but didn't see anything similar. Has anybody else out there seen anything similar to this with Whidbey beta? As a note, I'm using the default Access Membership Security DB created by Visual Studio.
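
The symptom and the workaround described above, reproduced outside ASP.NET as an added example (not code from the original post): two principal objects can report the same identity name yet answer IsInRole differently, and a library check that reads only Thread.CurrentPrincipal fails until the thread is given the request's principal. The module name, the CanProceed helper, the user name "alice" and both GenericPrincipal objects are constructed stand-ins; the post does not establish that this is what the Whidbey beta does internally.

```vb
Imports System
Imports System.Security.Principal
Imports System.Threading

Module PrincipalMismatchDemo

    ' Hypothetical business-object check living in a class library with no
    ' System.Web reference: it can only consult the thread's principal.
    Function CanProceed(ByVal role As String) As Boolean
        Dim p As IPrincipal = Thread.CurrentPrincipal
        Return p IsNot Nothing AndAlso p.Identity.IsAuthenticated AndAlso p.IsInRole(role)
    End Function

    Sub Main()
        ' Constructed stand-in for HttpContext.Current.User: identity plus roles.
        Dim requestUser As IPrincipal = New GenericPrincipal( _
            New GenericIdentity("alice", "Forms"), New String() {"SomeRole"})

        ' Constructed stand-in for a thread principal that carries the same
        ' identity name but was built without the role list.
        Thread.CurrentPrincipal = New GenericPrincipal( _
            New GenericIdentity("alice", "Forms"), New String() {})

        ' Matching names do not prove the two principals are the same object.
        Console.WriteLine("Same name: {0}", _
            requestUser.Identity.Name = Thread.CurrentPrincipal.Identity.Name)
        Console.WriteLine("Same object: {0}", _
            Object.ReferenceEquals(requestUser, Thread.CurrentPrincipal))
        Console.WriteLine("Request principal in role: {0}", requestUser.IsInRole("SomeRole"))
        Console.WriteLine("Library check before sync: {0}", CanProceed("SomeRole"))

        ' The workaround from the post: make the thread use the request's principal.
        Thread.CurrentPrincipal = requestUser
        Console.WriteLine("Library check after sync: {0}", CanProceed("SomeRole"))
    End Sub

End Module
```

In the scenario from the post, the assignment would sit in the Global.asax AcquireRequestState handler with HttpContext.Current.User on the right-hand side. Note that the library check denies access while the principals disagree, so the mismatch shows up as lost authorization rather than as extra privilege.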
