ClaimsPrincipal.Current vs. HttpContext.Current.User?

Alwyn · Oct 29, 2013 · Viewed 18.2k times

In MVC what's the difference between these 2?

They look identical, and they even return the same Type/Class System.Web.Security.RolePrincipal but there're subtleties.

E.g. the following code throws various errors when called against the instance generated via ClaimsPrincipal.Current:

cp.FindFirst(ClaimTypes.Name); //{"Unable to connect to SQL Server database."} <--HUH!?
cp.Claims; //{"Value cannot be null.\r\nParameter name: username"}

The above works when cp is this instead:

var cp = System.Web.HttpContext.Current.User;

When drilling down to the private members via Quick Watch, I can see that they both have the same Claim dictionary. However, for whatever reason the public property blows when called against the object returned by ClaimsPrincipal.Current.

Help - why is this!? This is driving me crazy.

=============EDIT==================

It must be almost time to go to bed.

IPrincipal supports multiple identities. It requires some kind of store. IIdentity returns an instance of ClaimsIdentity and does not require the store.

I was simply drilling the wrong properties. The two of them are almost identical in their shape, i.e. same properties and methods, that I got them confused.

Answer

hutchonoid · Oct 29, 2013

The Identity is the current authenticated user and the principal is the security context that the code is running under.

This article is a good explanation that I found useful: http://msdn.microsoft.com/en-us/library/ftx85f8x.aspx
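
An added example (not code from the question or the answer) of the identity/principal split discussed above: claims are read from the ClaimsIdentity without touching any store, while a role check on the principal depends on a store and is treated as denied when that store fails. `StoreBackedPrincipal`, the `"ExampleAuth"` authentication type and the sample claims are hypothetical names and values constructed for this example; the thrown exception only simulates an unreachable role store.

```csharp
using System;
using System.Security.Claims;
using System.Threading;

// Hypothetical principal for this example: like a role-provider-backed
// principal, it needs an external store to answer role questions.
class StoreBackedPrincipal : ClaimsPrincipal
{
    public StoreBackedPrincipal(ClaimsIdentity identity) : base(identity) { }

    public override bool IsInRole(string role)
    {
        // Stand-in for a role store (for example a database) that is unreachable.
        throw new InvalidOperationException("Role store unavailable (simulated).");
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample identity: who the user is, expressed as claims.
        var identity = new ClaimsIdentity(
            new[]
            {
                new Claim(ClaimTypes.Name, "alice"),
                new Claim(ClaimTypes.Email, "alice@example.test")
            },
            "ExampleAuth"); // a non-empty authentication type marks it authenticated

        // The principal is the security context the current thread runs under.
        Thread.CurrentPrincipal = new StoreBackedPrincipal(identity);

        // By default ClaimsPrincipal.Current is taken from Thread.CurrentPrincipal.
        ClaimsPrincipal principal = ClaimsPrincipal.Current;
        var claimsIdentity = principal.Identity as ClaimsIdentity;

        // Identity-level reads: no store involved.
        Console.WriteLine("Authenticated: " + (claimsIdentity?.IsAuthenticated ?? false));
        Console.WriteLine("Name claim:    " + claimsIdentity?.FindFirst(ClaimTypes.Name)?.Value);

        // Principal-level role check: depends on the store, so fail closed.
        bool isAdmin;
        try { isAdmin = principal.IsInRole("Admin"); }
        catch (InvalidOperationException) { isAdmin = false; }
        Console.WriteLine("Admin access:  " + isAdmin);
    }
}
```

Catching the store failure and denying access keeps an outage in the role store from turning into either an unhandled error page or an accidental grant.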