September 2004
This humble static property of the Thread class is central to the way role-based security works in the .NET Framework, as I show in Item 34. It's used as a simple channel for communicating client identity and authorization information from plumbing to application developers. (Authentication is tricky, so we let frameworks like ASP.NET do this heavy lifting for us, and then we look for the results via this property.) Think of Thread.CurrentPrincipal as simply a hook that each thread exposes on which we can hang a user identity. It's just extra context information that the runtime helps us track.
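The hand-off described above, as an added example that is not taken from the book: a stand-in for framework plumbing hangs an identity on the thread, and application code reads it back to make an authorization decision. The `RunAs` and `ApproveExpense` helpers, the user names, and the `Managers` role are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

static class CurrentPrincipalDemo
{
    // "Plumbing" (hypothetical helper): stands in for a framework such as ASP.NET
    // that has already authenticated the caller. Names and roles are constructed.
    static void RunAs(string name, string[] roles, Action work)
    {
        IPrincipal previous = Thread.CurrentPrincipal;
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(name, "Sample"), roles);
        try { work(); }
        finally { Thread.CurrentPrincipal = previous; } // never leak identity to later work
    }

    // Application code (hypothetical): no credentials are passed in; the caller's
    // identity and roles are read from the hook on the current thread.
    static void ApproveExpense(decimal amount)
    {
        IPrincipal caller = Thread.CurrentPrincipal;
        if (caller == null || !caller.Identity.IsAuthenticated)
            throw new SecurityException("Caller is not authenticated.");
        if (!caller.IsInRole("Managers"))
            throw new SecurityException(caller.Identity.Name + " is not in Managers.");
        Console.WriteLine("{0} approved {1:C}", caller.Identity.Name, amount);
    }

    static void Main()
    {
        RunAs("alice", new[] { "Managers" }, () => ApproveExpense(120m));

        try { RunAs("bob", new[] { "Staff" }, () => ApproveExpense(120m)); }
        catch (SecurityException e) { Console.WriteLine("Denied: " + e.Message); }

        // Outside RunAs the earlier principal is back, so the check fails closed.
        try { ApproveExpense(120m); }
        catch (SecurityException e) { Console.WriteLine("Denied: " + e.Message); }
    }
}
```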
I gave a security talk at Tech Ed 2003 in Dallas, and while I was there, a training company asked me to post ...