Question
Assuming a fairly general use case in an ASP.NET Web Forms application, where should I be retrieving my principal + identity?
I'm aware that there are generally two ways to go about it:
https://stackoverflow.com/questions/17985790
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianHttpContext.Current.UserThread.CurrentPrincipalI'm speculating that using HttpContext will run the risk of a current context not existing (i.e. HttpContext.Current == null) on some edge cases, but I more often see code that use this instead of Thread.CurrentPrincipal (which I assume is safer, as it should always exist?).
Why is this? What implications am I getting myself into if I pick one or the other?
Solution
Rep whoring here I come :)
Mr. Hanselman has already blogged about this here: http://www.hanselman.com/blog/SystemThreadingThreadCurrentPrincipalVsSystemWebHttpContextCurrentUserOrWhyFormsAuthenticationCanBeSubtle.aspx
The basic idea is that 99% of the time.. they are the same.. although it's possible to change them.
