Assigning the user will work, but this assignment will not persist between requests. You have to make sure to set up the user at the beginning of each request, perhaps in a custom AuthorizeAttribute
or IHttpModule
. For example, you might have logic like:
- Retrieve the relevant cookie from the request
- Verify that the cookie corresponds to a valid session (e. g. by querying a database containing this information)
- Retrieve the session information based on the cookie and store it in the User property
Also, when you assign HttpContext.Current.User
consider assigning Thread.CurrentPrincipal
as well.