I have been using Azure Websites for a couple of months and I decided to migrate to Cloud Services for SSL reasons. Since I might need a couple of web roles in my project, my session management needs to be stateless.
This is how I deal with user data in my project. If I need user-related data, I get their username via HttpContext.Current.User.Identity.Name. Using this info, I query my database to fetch information about my users.
Is this the correct way to do it? I did some research but could not find really clear info about where HttpContext.Current.User comes from.
So far, this is what I understand. The user authenticates with Forms Authentication, which creates a cookie on the user's PC. When the server is requested by the user again, the server checks the cookie info and uses it to fill the HttpContext object. If one of the other web roles takes the request next time, could it use that cookie to fill HttpContext? (This could be all wrong; as I said, this is what I understand from docs and other answers on the web.)
That is basically what I am trying to understand. I hope I explained my problem clearly enough. Let me know if it is not clear.
I think your understanding is correct. When we use Forms Authentication, there will be a cookie generated once logged in, with the user information and something like a token, encrypted. Then when we request another page, the browser will send this cookie to the server and ASP.NET will decrypt the cookie, validate it and fill the user information into HttpContext.Current.User, no matter how many instances are on your server side. So I think it's safe to use HttpContext.Current.User in a web role with multi-instance.
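
To illustrate the mechanism described in the answer above, here is an added example (not part of the original thread, and not ASP.NET's own ticket code): a simplified signed ticket that any instance can validate without shared session state, provided it holds the same key. The Ticket class, the cookie layout and the key handling are hypothetical; real Forms Authentication tickets are also encrypted and are keyed by the application's machineKey settings.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical, simplified ticket: base64(name).expiryTicks.base64(HMAC).
// The real ticket is also encrypted; only the integrity check is modelled here.
static class Ticket
{
    static string Sign(byte[] key, string payload)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    public static string Issue(byte[] key, string userName, DateTime expiresUtc)
    {
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(userName)) + "." + expiresUtc.Ticks;
        return payload + "." + Sign(key, payload);
    }

    // Returns the user name, or null when the ticket is altered, signed with another key, or expired.
    public static string Validate(byte[] key, string cookie, DateTime nowUtc)
    {
        string[] p = cookie.Split('.');
        if (p.Length != 3) return null;
        string expected = Sign(key, p[0] + "." + p[1]);
        int diff = expected.Length ^ p[2].Length;            // compare without early exit on mismatch
        for (int i = 0; i < expected.Length && i < p[2].Length; i++) diff |= expected[i] ^ p[2][i];
        if (diff != 0) return null;
        long ticks = long.Parse(p[1]);                       // payload is authenticated at this point
        if (new DateTime(ticks, DateTimeKind.Utc) < nowUtc) return null;
        return Encoding.UTF8.GetString(Convert.FromBase64String(p[0]));
    }
}

static class Program
{
    static void Main()
    {
        // Constructed keys: sharedKey stands for the key every instance of the role is configured with.
        byte[] sharedKey = new byte[32], otherKey = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(sharedKey); rng.GetBytes(otherKey); }
        DateTime now = DateTime.UtcNow;

        string cookie = Ticket.Issue(sharedKey, "alice", now.AddMinutes(30));   // instance A, at login
        string tampered = cookie.Replace(cookie.Split('.')[0], Convert.ToBase64String(Encoding.UTF8.GetBytes("admin")));

        Console.WriteLine("instance B, same key:  " + (Ticket.Validate(sharedKey, cookie, now) ?? "rejected"));
        Console.WriteLine("instance C, other key: " + (Ticket.Validate(otherKey, cookie, now) ?? "rejected"));
        Console.WriteLine("tampered user name:    " + (Ticket.Validate(sharedKey, tampered, now) ?? "rejected"));
        Console.WriteLine("after expiry:          " + (Ticket.Validate(sharedKey, cookie, now.AddHours(1)) ?? "rejected"));
    }
}
```

The second case is the one to check in a multi-instance deployment: an instance whose key differs from the issuing instance's cannot validate the cookie and will treat the user as unauthenticated.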