What is Thread.CurrentPrincipal used for? How does it help in the Authentication and Authorization of an application? Are there any articles or resources that help explain what it does?
Thread.CurrentPrincipal is the way .NET applications represent the identity of the user or service account running the process.
It can hold one or more identities and allows the application to check if the principal is in a role through the IsInRole method.
Most authentication libraries in .NET will verify the user's credentials and set this static property on the Thread class to a new principal object.
Different threads can have different principals as they may be handling requests from different users (in ASP.NET web applications HttpContext.User is copied into Thread.CurrentPrincipal for each new request).
Since .NET 4.5, all principal classes derive from ClaimsPrincipal, enabling claims based authentication.
UPDATE: This is what a WindowsPrincipal looks like on my dev box:
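The per-thread behaviour described in this answer, as an added example that is not part of the original post: each simulated request runs on its own thread, sets its own principal, and a role check deeper in the call stack reads it back. The user names, the "Admin" role and the `CanDeleteRecords`/`HandleRequest` helpers are constructed for illustration, and `GenericPrincipal` stands in for whatever principal an authentication library would set.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading;

static class Demo
{
    // Authorization gate (hypothetical helper): reads the calling thread's principal.
    // A thread with no principal, or an unauthenticated one, is denied.
    static bool CanDeleteRecords()
    {
        IPrincipal p = Thread.CurrentPrincipal;
        return p?.Identity?.IsAuthenticated == true && p.IsInRole("Admin");
    }

    // Simulates one request: "authentication" sets the principal, then code further
    // down authorizes against it without the user being passed as an argument.
    static void HandleRequest(string user, string[] roles)
    {
        if (user != null)
            Thread.CurrentPrincipal =
                new GenericPrincipal(new GenericIdentity(user, "Demo"), roles);

        // Since .NET 4.5 the built-in principals are ClaimsPrincipal instances,
        // so roles are also visible as role claims.
        var cp = Thread.CurrentPrincipal as ClaimsPrincipal;
        string roleClaims = cp == null ? "(none)"
            : string.Join(",", cp.FindAll(ClaimTypes.Role).Select(c => c.Value));

        Console.WriteLine($"user={user ?? "(anonymous)"} claimsPrincipal={cp != null} " +
                          $"roleClaims=[{roleClaims}] canDelete={CanDeleteRecords()}");
    }

    static void Main()
    {
        // Constructed sample users; the last request is never authenticated.
        var requests = new (string User, string[] Roles)[]
        {
            ("alice", new[] { "Admin", "User" }),
            ("bob",   new[] { "User" }),
            (null,    new string[0]),
        };
        foreach (var r in requests)
        {
            var t = new Thread(() => HandleRequest(r.User, r.Roles));
            t.Start();
            t.Join();
        }
    }
}
```

The unauthenticated request is the case to watch: depending on the runtime, `Thread.CurrentPrincipal` may be null or an empty, unauthenticated principal, which is why the gate checks `IsAuthenticated` before `IsInRole`.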