Asp.NET Principal WebORB HttpHandler

I have a Flex-WebORB-Asp.NET application. When logging in, there's an AuthenticationHandler which implements a WebORB interface:

IPrincipal CheckCredentials(string username, string password, Request message);

So I create a Principal and return it. WebORB uses the Principal to check for Authentication and Authorizat开发者_Go百科ion of remote method calls.

var principal = new GenericPrincipal(new GenericIdentity(user.id.ToString()), new[] { "admin" });
return principal

Now, at this point, if I check what HttpContext.Current.User.Identity is, it's a WindowsIdentity.

So far so good. When later on, a remote call is done through WebORB, I get the id of the logged in user by calling:

Thread.CurrentPrincipal.Identity.Name

So I guess WebORB makes sure the Identity of the Thread is set with each remote call.

Problem is that when I call a HttpHandler (to retrieve an image), I also try to get the id of the logged in user with Thread.CurrentPrincipal.Identity.Name, but that doesn't work. Probably because with a HttpHandler, WebORB doesn't come into action.

How would you solve this so that I can get the id of the logged in user the same way in both cases? Put it in a session object? Can you change the HttpContext.Current.User.Identity? Shouldn't the HttpContext.Current.User.Identity be the same as the Thread.CurrentPrincipal.Identity.Name?

ps: The users are not in Active Directory.

No, they are different.