My company has a large application we are finishing up. It utilizes WCF as the back-bone with Active Directory for authentication. This works perfectly for one of the two sites as the authentication model is Windows and you have to be part of the domain to sign into the site. The question I have relates to the other site which is externally accessible. It sets ClientCredentials.Windows.ClientCredential for the proxy call with a specific user/pass for impersonation of an AD-user so the full security model works. This all works exactly as expected too.

The question I have is, on the web I can use HttpContext.Current.User.Identity.Name to get the currently logged in user from the Forms authentication piece, but to do this I have to make sure a System.Web reference exists against the DLL I’m currently working in. Our base objects come from a simplistic class that doesn’t know about System.Web. Is there a way to find out the Forms user who is logged in inside that base object project? I tried System.Security.Principal but that only gives me access to the Windows accounts from what I could tell and won’t do me any good.

I know an option is to just reference System.Web and be done with it but that sounds really klugy to me and not the best option so I’m hoping for some tips here.