SecurityContext.Current and newly obsoleted methods/properties

Member since: 2010
 

In the newer versions of commerce (Mediachase.Commerce 8.5.0.366) a lot of methods and properties on SecurityContext has been obsoleted, the specific property we are using a lot is SecurityContext.Current.CurrentUser and that is also the one that the workflows provided by EPiServer uses.

This property would correctly give you the actual user, both on the website itself and in the commercemanager even if logged in as a commerce admin.

Example:

logged in on the site as user1, then SecurityContext.Current.CurrentUser == user1

logged in on commerce manager as somecommercemanager processing a cart/purchase order for user1, then SecurityContext.Current.CurrentUser would still be == user1

The suggested way to replace this doesn't make sense at all:

[Obsolete("Use EPiServer.Security.PrincipalInfo.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(username)), null) instead.")]

The does not give me a MembershipUser and I also need to know the username, also this seems to switch the commercemanager into the username provided in the username parameter, which seems wrong.

What to do here? Is there some actual article that explains these changes?

#114779 Dec 22, 2014 9:12
  • Member since: 2011
     

    Hi,

    I must admit that I do not understand that message as well - we will improve this - Thank you for your feedback.

    For your question, I think CurrentPrincipal replaces CurrentUser quite well- what exactly the information you want to get?

    Regards.

    /Q

    #114780 Dec 22, 2014 9:37
  • Member since: 2010
     

    CurrentPrincipal in the context of the commerce manager is the admin logged into commercemanager, not the user that has completed the purchase which it would be if it I was using SecurityContext.Current.

    the calculate discount activity for example is using SecurityContext.Current.CurrentUser to figure out the proper user to calculate discounts for, we are using something similar for our custom activities.

    #114781 Dec 22, 2014 9:41
  • Member since: 2011
     

    CurrentUser will return current loggedin user if SpecifiedUser is not set. If you want to get the IPrincipal for a specific user, use:

     new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(username)), null) 

    Username should be OrderGroup.CustomerName.

    Regards.

    /Q

    #114782 Dec 22, 2014 9:55
  • Member since: 2010
     

    Hi Quan,

    thanks for all the help sofar, but it seems the OrderGroup.CustomerName is only a NVARCHAR(64) while the aspnet_Users UserName is a NVARCHAR(255), and we have usernames larger than 64 chars as usernames are email addresses in this case.

    So I don't think that idea will work, any other suggestions?

    #114783 Dec 22, 2014 10:31
  • Member since: 2011
     

    In that case you can use CustomerContext.GetUserForContactId(PrimaryKeyId customerContactId), which customerContactId is the OrderGroup.CustomerId - assuming you have contact for that customer.

    This will return a MembershipUser value if it found the customer.

    Regards.

    /Q

    #114786 Dec 22, 2014 10:54
  • Member since: 2010
     

    Hi Quan,

    That is the method we are currenly using when working with purchase orders, guess we will switch to this method everywhere else on the site as well.

    Is there updated workflow source code somewhere for the newer versions of commerce?

    #114788 Dec 22, 2014 11:12
  • Member since: 2011
     

    We're working on workflows and an updated version should be made public very soon - end of this week, I hope.

    Regards.

    /Q

    #114789 Dec 22, 2014 11:18