NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Directly Accessing a Principal Object

Although using imperative and declarative demands to invoke role-based security checks is the primary mechanism for checking and enforcing identity and role membership, there might be cases where you want to access the Principal object and its associated Identity object directly so that you can do authorization tasks without creating permission objects. In these cases, you can use the static CurrentPrincipal property on the Thread class to get access to the Principal object and call its methods.

Note: The CurrentPrincipal property is set using the following call:

CallContext.SetData(principalName, principalObject).

After you get the principal object, you can use conditional statements to control access to your code based on the principal name as follows:

p = Thread.CurrentPrincipal;
If (p.Identity.Name == "fred") 
// Permit access to some code

You can also programmatically check role membership by calling the IsInRole method on the current Principal object.

p = Thread.CurrentPrincipal;
If (p.IsInRole("Administrator")) 
// Permit access to some code

Accessing the Principal object directly might be a good choice when you need to obtain the Principal object so that you can call Principal.Impersonate. Or, you might use this technique when you want to access behaviors that are specific to an application-defined Principal object. However, in most cases, you would use the PrincipalPermission class to control access to your code based on identity or role membership.