Lifetime of Principal on Thread in ASP .NET

Hot Topic

Storing a generic class in a dictionary
Possible operations on image using C#
returning fields from SWbemObject
what is .net 2.0 frame work?
Difference betwwen .net Remoting and Socketing
Retrieving data from Excell 2003 - Could not find installable ISAM.
AVOID THE ?DO YOU WANTO TO REPLACE IT?? QUESTION
syntax error- insert into statement!!!
Web Service has no dll generated
AssemblyLoad event being fired on GetTypes call

.NET Development

Trouble updating
CONFUSED
dll form behaving like an MDI Child form.
TransactionScope with Microsoft Access
OracleClient and TransactionScope Problem
WebProxy: how to check Bypass List (registry settings ProxyOverride)
How to compile SimpleSnapIn sample in MMC 3.0 on Win2k3 R2 using VStudio 2005?
App config setting to force 32 bit execution for .Net 2.0 apps
what's the difference between properties and accessor methods/ member variables?
Storing binary data in MS Access database -- what do you think?

Lifetime of Principal on Thread in ASP .NET

Folks,

If I assign a custom IPrincipal to Thread.CurrentPrincipal in an ASP .NET app, does that thread get recycled and used for another request for potentially another user Should I clear the principal from the thread at the end of the request

Thanks,
Scott

Answer this question

Lifetime of Principal on Thread in ASP .NET

  • ggsubscribe

    As far as I know the threads principal is restored to its initial value as one of the final steps at the end of processing the HTTP request.

  • cassiobaurutil

    Yes you should never assume that each request gets the same thread. Therefore you should set the security context at the beginning of each page request. In ASP.NET v1.1 this was the defacto way to get security settings working. In v2.0 I believe the ASP.NET Membership API now does a similar thing.

    As far as clearing the thread goes you could reset it but in general you shouldn't be running under a high privilege account anyway. In general if you need to upgrade a user's account to perform a privileged operation it is done inside a try-finally block to ensure the account gets reset. Whether ASP.NET automatically resets I don't know. If you are using Windows authentication then it is probably resetting at each page request. For forms authentication it will simply run under the ASPNET (or appropriate) account. Therefore you shouldn't be changing the principal anyway.

    Michael Taylor - 12/13/06
  • Lifetime of Principal on Thread in ASP .NET
Answer this question