CurrentUser Overview

The MicroFour.StrataFrame.Security.SecurityBasics.CurrentUser property contains an object reference to the currently logged on user for the application. This property defaults to an instance of the MicroFour.StrataFrame.Security.AdminUser class so that all permissions will be granted unless the CurrentUser is set to another object. This default functionality provides support for the application framework when security is not being used by the application.

The SecurityBasics.CurrentUser property returns an object reference that implements the MicroFour.StrataFrame.Security.ISecurityUser interface. This interface describes methods and properties that can be used to access:

• User's primary key (UserID or UserPK)
• User's login name
• User's login time
• User's session lockout time
• User's permissions

For more information on accessing the current user’s permissions, see Accessing Permissions Programmatically, and for more information on accessing the user’s properties, see Accessing CurrentUser Information.

The classes within the StrataFrame application framework and the StrataFrame security module that implement the ISecurityUser interface are:

• AdminUser - When the built-in administrator credentials are used to log into the application.
• SecurityMaintenanceUser - When the built-in security maintenance credentials were used to log into the application.
• LoggedInUser - When a standard user’s credentials were used to log into the application.

--------------------------------------------------------------------------------------------

Differences in Web Security

Security within a web project is different than security within a Windows project in the following ways:

• CurrentUser - SecurityBasics.CurrentUser must be configured to store an ISecurityUser object for each session.
• Maintenance Forms - To maintain users, roles, and restriction sets, you must either create custom web-based maintenance forms or use the winform-based maintenance forms provided.
• Object Permissions - Object permission function much the same as when using winforms, with the primary exception being the lack of form-level security keys.
• Session Locking - Session locking is not supported within web applications.
• Programmatic Access - Programmatic access within a web project is exactly the same as within a Windows project.

CurrentUser

When using security on the web, the SecurityBasics.CurrentUser property must be configured to store a different ISecurityUser object for each session, rather than just one for the whole AppDomain. 

This is accomplished via a configuration setting which indicates that the application is being run within a web environment.  This tells the CurrentUser property to use the current session object to retrieve and store the current ISecurityUser.  For more information, refer to the Required Global.asax Code topic.

The pertinent instructions from that help topic are pasted below:

IsWebEnvironment

The MicroFour.StrataFrame.Security.SecurityBasics class contains the shared (static) property IsWebEnvironment.  This property is used to indicate to the security module that the security is being run from within a web application and that the session objects should be used to store the CurrentUser and other session specific data. The IsWebEnvironment property should be set at the top of the Application_Start() method within the Global.asax file.

Imports MicroFour.StrataFrame.Security
...
Protected Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    '-- Set the property
    SecurityBasics.IsWebEnvironment = True
End Sub

using MicroFour.StrataFrame.Security;
...
protected void Application_Start(object sender, EventArgs e)
{
    //-- Set the property
    SecurityBasics.IsWebEnvironment = true;
}

In Page_Load I check for the permissions of the user (if the user is a "client")

if (SecurityBasics.CurrentUser.GetPermission("client").Action != PermissionAction.Grant  )

{

Response.Redirect("default.aspx");

}