0

I have a business logic layer and 2 applications which use it: an MVC UI and a Web API project.

My classes have CreatedBy and UpdatedBy properties, which should hold the userid.

    public Nullable<System.DateTime> CreatedTS { get; set; }
    public string CreatedBy { get; set; }
    public Nullable<System.DateTime> UpdatedTS { get; set; }
    public string UpdatedBy { get; set; }

Given there are multiple consumers of the BLL, what is the best way to capture the userId?

A) - Set this within the BLL using Environment.UserName?

B) - Ask the client to set it and use model data annotation to make this Required

C) - Ask the client to pass this into any Create or Update methods in the BLL.

2 Answers

3

I would generally use Thread.CurrentPrincipal.Identity.Name.

To do so, you must ensure that Thread.CurrentPrincipal is set to a principal representing the current user. This is done in the UI tier, and will happen automagically if you:


2 Comments

So set this in the UI/Client before accessing the BLL?
@JackRussell, yes, set it to a principal representing the authenticated user in the UI tier.
1

If you're using FormsAuthentication in both MVC and WebApi, you can access the User.Identity.Name property.

    // Assumes the User entity exposes an integer Id property (not shown in the original answer).
    int userId = db.Users.Single(r => r.Name == User.Identity.Name).Id;

In WebApi it will be HttpContext.Current.User.Identity.Name

This approach is quite secure. If you store the userId on the client side, the user will be able to modify it.

6 Comments

The authentication mode is none <authentication mode="None"/>. We have an external service that runs on top of IIS that provides our authentication service. I just need help with the design of where to set the userid. BLL or client?
How are you determining current user if he is not authorized?
We have an external service that runs on top of IIS that provides our authentication service. I just need help with the design of where to set the userid. BLL or client?
And the BLL should read the userID property and set this internally, so that the client is unaware?
Your authentication service should determine userId and pass it further to BLL.
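
One way to combine the advice in both answers, as an added example that is not part of the original posts: the UI/API tier sets Thread.CurrentPrincipal from the authentication result, and the BLL stamps the audit fields from it, overwriting anything the client supplied. IAuditable, AuditStamper, Order and the user name "jsmith" are hypothetical names introduced for illustration.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical interface for entities carrying the question's audit properties.
public interface IAuditable
{
    DateTime? CreatedTS { get; set; }
    string CreatedBy { get; set; }
    DateTime? UpdatedTS { get; set; }
    string UpdatedBy { get; set; }
}

public class Order : IAuditable   // constructed sample entity
{
    public DateTime? CreatedTS { get; set; }
    public string CreatedBy { get; set; }
    public DateTime? UpdatedTS { get; set; }
    public string UpdatedBy { get; set; }
}

public static class AuditStamper   // hypothetical BLL helper
{
    // Overwrites the audit fields from the ambient principal, so a value
    // bound from the request (options B and C in the question) is never trusted.
    public static void Stamp(IAuditable entity, bool isNew)
    {
        IIdentity identity = Thread.CurrentPrincipal?.Identity;
        if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
            throw new SecurityException("No authenticated principal on the current thread.");
        DateTime now = DateTime.UtcNow;
        if (isNew) { entity.CreatedBy = identity.Name; entity.CreatedTS = now; }
        entity.UpdatedBy = identity.Name;
        entity.UpdatedTS = now;
    }
}

public static class Program
{
    public static void Main()
    {
        // UI/API tier: set the principal from the authentication service's result ("jsmith" is constructed).
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("jsmith", "External"), new string[0]);
        var order = new Order { CreatedBy = "admin" };   // client-supplied value, must not survive
        AuditStamper.Stamp(order, isNew: true);
        Console.WriteLine(order.CreatedBy + " / " + order.UpdatedBy);
    }
}
```

Failing closed when no authenticated principal is present keeps rows from being written with an empty or default user name if a consumer forgets to set the principal.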