What is Thread.CurrentPrincipal, and what does it do?

user1844634 picture user1844634 · Jan 22, 2016 · Viewed 12.8k times · Source

What is Thread.CurrentPrincipal used for? How does it help in the Authentication and Authorization of an application? Are there any articles or resources that help explain what it does?

Answer

MvdD picture MvdD · Jan 23, 2016

Thread.CurrentPrincipal is the way .NET applications represent the identity of the user or service account running the process.

It can hold one or more identities and allows the application to check if the principal is in a role through the IsInRole method.

Most authentication libraries in .NET will verify the user's credentials and set this static property on the Thread class to a new principal object.

Different threads can have different principals as they may be handling requests from different users (in ASP.NET web applications HttpContext.User is copied into Thread.CurrentPrincipal for each new request)

Since .NET 4.5, all principal classes derive from ClaimsPrincipal, enabling claims based authentication.

UPDATE: This is what a WindowsPrincipal looks like on my dev box: enter image description here