
Thread.CurrentPrincipal still returns GenericPrincipal

Author
7 Dec 2006 3:20 PM
manny.klystron
I'm calling AppDomain.SetPrincipalPolicy() with WindowsPrincipal, but
Thread.CurrentPrincipal still returns a GenericPrincipal.

I don't see Thread.CurrentPrincipal being set before this (which can
cause it).

Are there any other circumstances under which this can happen?  This is
.NET 2.0, Kerberos authentication, on an AppDomain spawned from the
main (and a second thread within that domain).

Thanks!

Author
7 Dec 2006 3:46 PM
Dominick Baier
SetPrincipalPolicy can have all sorts of strange behavior - e.g. you are
only allowed to call it once etc.

In general I would set Thread.CurrentPrincipal manually...

-----
Dominick Baier (http://www.leastprivilege.com)

> I'm calling AppDomain.SetPrincipalPolicy() with WindowsPrincipal, but
> Thread.CurrentPrincipal still returns a GenericPrincipal.
>
> I don't see Thread.CurrentPrincipal being set before this (which can
> cause it).
>
> Are there any other circumstances under which this can happen?  This
> is .NET 2.0, Kerberos authentication, on an AppDomain spawned from the
> main (and a second thread within that domain).
>
> Thanks!
>
Author
7 Dec 2006 3:49 PM
manny.klystron
Furthermore, when I create a one-off WindowsPrincipal using the
MSDN-site recommended method "new
WindowsPrincipal(WindowsIdentity.GetCurrent())", the Identity is
correct and authenticated.

However, IsInRole("machine\\Users") returns false, and the principal's
m_rolesLoaded member is still false after the call.

manny.klyst***@gmail.com wrote:
> I'm calling AppDomain.SetPrincipalPolicy() with WindowsPrincipal, but
> Thread.CurrentPrincipal still returns a GenericPrincipal.
>
> I don't see Thread.CurrentPrincipal being set before this (which can
> cause it).
>
> Are there any other circumstances under which this can happen?  This is
> .NET 2.0, Kerberos authentication, on an AppDomain spawned from the
> main (and a second thread within that domain).
>
> Thanks!
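
Added example, not part of the original thread or any poster's code: a .NET Framework console program that reports what `Thread.CurrentPrincipal` holds in a child AppDomain and on a second thread, then attaches a `WindowsPrincipal` manually as suggested in the reply above and checks role membership through the enum and SID overloads of `IsInRole` instead of a group name string. The class name `PrincipalCheck`, its helper methods and the domain name "child" are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example (hypothetical names); targets .NET Framework 2.0 or later.
public static class PrincipalCheck
{
    // Print the principal the calling thread sees, without assuming its type.
    static void Report(string where)
    {
        IPrincipal p = Thread.CurrentPrincipal;
        Console.WriteLine("{0}: {1}, name='{2}', authenticated={3}",
            where, p.GetType().Name, p.Identity.Name, p.Identity.IsAuthenticated);
    }

    // Manual alternative to SetPrincipalPolicy: build the principal from the
    // thread's current Windows token and attach it explicitly.
    // Setting Thread.CurrentPrincipal demands SecurityPermission(ControlPrincipal).
    static WindowsPrincipal AttachWindowsPrincipal()
    {
        WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        Thread.CurrentPrincipal = wp;
        return wp;
    }

    static void Worker()
    {
        Report("second thread, before manual set");
        WindowsPrincipal wp = AttachWindowsPrincipal();
        Report("second thread, after manual set");

        // Role checks that do not depend on how the group name is spelled.
        SecurityIdentifier users =
            new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
        Console.WriteLine("IsInRole(WindowsBuiltInRole.User) = {0}",
            wp.IsInRole(WindowsBuiltInRole.User));
        Console.WriteLine("IsInRole(BuiltinUsersSid)         = {0}",
            wp.IsInRole(users));
    }

    // Runs inside the child AppDomain.
    static void InChildDomain()
    {
        Report("child domain, calling thread");
        Thread t = new Thread(new ThreadStart(Worker));
        t.Start();
        t.Join();
    }

    public static void Main()
    {
        AppDomain child = AppDomain.CreateDomain("child");
        child.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        child.DoCallBack(new CrossAppDomainDelegate(InChildDomain));
        AppDomain.Unload(child);
    }
}
```

Comparing the "before" and "after" lines shows whether the domain policy took effect on each thread or whether only the explicit assignment produced a `WindowsPrincipal`.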