Menu
Can anyone briefly explain what is the use of GenericIdentity and where to use it.
420
GenericPrincipal(IIdentity, String[]) Initializes a new instance of the GenericPrincipal class from a user identity and an array of role names to which the user represented by that identity belongs.
ClaimsPrincipal exposes a collection of identities, each of which is a ClaimsIdentity. In the common case, this collection, which is accessed through the Identities property, will only have a single element.
In application code, ClaimsIdentity objects are typically accessed through ClaimsPrincipal objects; for example, the principal returned by Thread. CurrentPrincipal. The ClaimsPrincipal class has a Claims property as well. In the majority of cases you should access the user's claims through the ClaimsPrincipal.
GenericIdentity and GenericPrincipal are the simplest way of describing a user as a "principal". This can be used for implementation-unaware security checking in an application - i.e. if the user logs in as "Fred" with the "User" and "Admin" permissions:
string[] roles = { "User", "Admin" }; Thread.CurrentPrincipal = new GenericPrincipal( new GenericIdentity("Fred"), roles); You might do this at the point of client login to a winform, or there are specific points to do this in WCF, ASP.NET, etc.
Then later code, without having to know how those permissions are handled, can check that permission - either via IsInRole, or declaratively:
[PrincipalPermission(SecurityAction.Demand, Role = "Admin")] void SomeAdminFunction() { } Some useful utility code here is null-safe wrappers around principal/identity:
public static string GetUsername() { IPrincipal principal = Thread.CurrentPrincipal; IIdentity identity = principal == null ? null : principal.Identity; return identity == null ? null : identity.Name; } public static bool IsInRole(string role) { IPrincipal principal = Thread.CurrentPrincipal; return principal == null ? false : principal.IsInRole(role); } Then you might have some audit code in your DAL:
row.UpdatedBy = MyUtilityClass.GetUsername(); GenericPrincipal is useful for the simple cases of a plain username and set of known roles. More sophisticated principal implementations might, for example, do "on demand" access checking - i.e. until you ask for the "Foo" role it doesn't know - it then finds out (by talking to a web-service, database, active-directory, etc) and caches the result for future access. This is useful when the list of potential roles is large, and the number of roles typically queried in reality is small.
You can also use a principal to store extra identity information that is only needed in certain contexts - for example, a security token. Callers might test the principal with as to see if it supports the extra data.
Using "principal" is useful because your logic processing code can talk about identity, without having to know whether this is winforms, ASP.NET, WCF, a windows service, etc - it is abstract. Additionally, some 3rd party code will also talk to the principal.
As another example - I wrote some example code here that shows how to use the principal to control access to winform controls via the designer (via an IExtenderProvider - which puts extra entries into the property grid in VS).
51
You can use GenericIdentity as a concrete implementation of Identity where you want to supply the details yourself, programmatically, about the current user. Pretty good if you have identified and authenticated the user yourself, through other channels.
28
GenericIdentity class can be used in conjunction with the GenericPrincipal class to create an authorization scheme that exists independent of a Windows domain.
GenericIdentity myIdentity = new GenericIdentity("MyUser");
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
