http.context.user 和 thread.currentprincipal 之间的区别以及何时使用它们? [英] difference between http.context.user and thread.currentprincipal and when to use them?
问题描述
我最近遇到了在 Visual Studio 2008 下运行 asp.net Web 应用程序的问题.我收到错误消息成员...customUserPrincipal 的类型未解析".跟踪各种讨论组,当您针对 Thread.CurrentPrincipal 分配自定义主体时,Visual Studio 的 Web 服务器似乎存在问题.
在我的代码中,我现在使用...
HttpContext.Current.User = myCustomPrincipal//Thread.CurrentPrincipal = myCustomPrincipal我很高兴我排除了错误,但这引出了一个问题:这两种设置委托人的方法有什么区别?".还有其他 stackoverflow 问题与差异,但他们没有深入探讨这两种方法的细节.
我确实找到了一篇引人入胜的帖子,其中有以下宏大的评论,但没有解释来支持他的断言......
<块引用>对所有用户使用 HttpConext.Current.User网络 (ASPX/ASMX) 应用程序.
对所有人使用 Thread.CurrentPrincipal其他应用程序,如 winForms,控制台和 Windows 服务应用程序.
你们中的任何一位安全/dot.net 专家能否对此主题有所了解?
在 webforms 应用程序下,我相信 Thread.CurrentPrincipal 将成为运行工作进程 (Thread) 的主体.>
HttpContext.Current.User 将是当前登录的网络用户.
在表单/wpf 应用程序的情况下,这是有道理的,因为您正在运行应用程序的用户是您感兴趣的用户.
你是想伪装工作进程还是登录用户?
I have just recently run into an issue running an asp.net web app under visual studio 2008. I get the error 'type is not resolved for member...customUserPrincipal'. Tracking down various discussion groups it seems that there is an issue with Visual Studio's web server when you assign a custom principal against the Thread.CurrentPrincipal.
In my code, I now use...
HttpContext.Current.User = myCustomPrincipal
//Thread.CurrentPrincipal = myCustomPrincipal
I'm glad that I got the error out of the way, but it begs the question "What is the difference between these two methods of setting a principal?". There are other stackoverflow questions related to the differences but they don't get into the details of the two approaches.
I did find one tantalizing post that had the following grandiose comment but no explanation to back up his assertions...
Use HttpConext.Current.User for all web (ASPX/ASMX) applications.
Use Thread.CurrentPrincipal for all other applications like winForms, console and windows service applications.
Can any of you security/dot.net gurus shed some light on this subject?
Under a webforms application I believe Thread.CurrentPrincipal will be the principal for whomever is running the worker process (Thread).
HttpContext.Current.User will be the current logged in web-user.
In the case of a forms/wpf app it makes sense because the user you're running the application under is the one you're interested in.
Are you trying to masquerade the worker process or the logged in user?
这篇关于http.context.user 和 thread.currentprincipal 之间的区别以及何时使用它们?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
