Home/ Questions/Q 8176783
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T23:19:36+00:00

I’m using ASP.NET Membership. If all I ever care about is whether or not

  • 0

I’m using ASP.NET Membership. If all I ever care about is whether or not I have a non-null Membership.GetUser(), is there ever a reason to use Request.IsAuthenticated?

During development, I have inadvertently created situations where Request.IsAuthenticated is true, but Membership.GetUser() is null, so I would pass the [Authorize] filter test (which is applied globally, with [AllowAnonymous] applied specifically as required), but fail later on. While this is a situation that would probably not occur in production, I’d still like to account for it.

Given this, would it be appropriate to write a custom filter, say AuthorizeMembership or some such, that checks against Membership.GetUser() rather than Request.IsAuthenticated? Any gotchas to be aware of?

If so, would it also be okay to use that filter to populate a global UserInfo object with the user properties I typically need to process a request? I don’t use Membership Profile at all, but manage my user properties independently in a separate application database.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The main different is speed.

    The Request.IsAuthenticated is faster and use an internal cache flag, than the Membership.GetUser().

    To see why the one is faster than the other I place here the code.

    public virtual bool IsAuthenticated
{
    get
    {
        if (this.m_isAuthenticated == -1)
        {
            WindowsPrincipal principal = new WindowsPrincipal(this);
            SecurityIdentifier sid = new SecurityIdentifier(IdentifierAuthority.NTAuthority, new int[] { 11 });
            this.m_isAuthenticated = principal.IsInRole(sid) ? 1 : 0;
        }
        return (this.m_isAuthenticated == 1);
    }
}

    but the GetUser() have too many calls because actually need more information’s to give.

    public static MembershipUser GetUser()
{
    return GetUser(GetCurrentUserName(), true);
}

private static string GetCurrentUserName()
{
    if (HostingEnvironment.IsHosted)
    {
        HttpContext current = HttpContext.Current;
        if (current != null)
        {
            return current.User.Identity.Name;
        }
    }
    IPrincipal currentPrincipal = Thread.CurrentPrincipal;
    if ((currentPrincipal != null) && (currentPrincipal.Identity != null))
    {
        return currentPrincipal.Identity.Name;
    }
    return string.Empty;
}

public static MembershipUser GetUser(string username, bool userIsOnline)
{
    SecUtility.CheckParameter(ref username, true, false, true, 0, "username");
    return Provider.GetUser(username, userIsOnline);
}

internal static void CheckParameter(ref string param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize, string paramName)
{
    if (param == null)
    {
        if (checkForNull)
        {
            throw new ArgumentNullException(paramName);
        }
    }
    else
    {
        param = param.Trim();
        if (checkIfEmpty && (param.Length < 1))
        {
            throw new ArgumentException(SR.GetString("Parameter_can_not_be_empty", new object[] { paramName }), paramName);
        }
        if ((maxSize > 0) && (param.Length > maxSize))
        {
            throw new ArgumentException(SR.GetString("Parameter_too_long", new object[] { paramName, maxSize.ToString(CultureInfo.InvariantCulture) }), paramName);
        }
        if (checkForCommas && param.Contains(","))
        {
            throw new ArgumentException(SR.GetString("Parameter_can_not_contain_comma", new object[] { paramName }), paramName);
        }
    }
}
    • 0