
SecurityContext.Current and newly obsoleted methods/properties


In the newer versions of commerce (Mediachase.Commerce) a lot of methods and properties on SecurityContext have been obsoleted. The specific property we are using a lot is SecurityContext.Current.CurrentUser, and that is also the one that the workflows provided by EPiServer use.

This property would correctly give you the actual user, both on the website itself and in the commercemanager even if logged in as a commerce admin.


logged in on the site as user1, then SecurityContext.Current.CurrentUser == user1

logged in on commerce manager as somecommercemanager processing a cart/purchase order for user1, then SecurityContext.Current.CurrentUser would still be == user1

The suggested way to replace this doesn't make sense at all:

[Obsolete("Use EPiServer.Security.PrincipalInfo.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(username)), null) instead.")]

This does not give me a MembershipUser and I also need to know the username. Also, this seems to switch the commercemanager into the username provided in the username parameter, which seems wrong.

What to do here? Is there some actual article that explains these changes?

Dec 22, 2014 9:12


I must admit that I do not understand that message either - we will improve this. Thank you for your feedback.

For your question, I think CurrentPrincipal replaces CurrentUser quite well - what exactly is the information you want to get?



Dec 22, 2014 9:37

CurrentPrincipal in the context of the commerce manager is the admin logged into commercemanager, not the user that has completed the purchase, which it would be if I was using SecurityContext.Current.

The calculate discount activity, for example, is using SecurityContext.Current.CurrentUser to figure out the proper user to calculate discounts for; we are using something similar for our custom activities.

Dec 22, 2014 9:41

CurrentUser will return the current logged-in user if SpecifiedUser is not set. If you want to get the IPrincipal for a specific user, use:

new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(username), null)

Username should be OrderGroup.CustomerName.



Dec 22, 2014 9:55

Hi Quan,

Thanks for all the help so far, but it seems the OrderGroup.CustomerName is only a NVARCHAR(64) while the aspnet_Users UserName is a NVARCHAR(255), and we have usernames larger than 64 chars as usernames are email addresses in this case.

So I don't think that idea will work, any other suggestions?

Dec 22, 2014 10:31

In that case you can use CustomerContext.GetUserForContactId(PrimaryKeyId customerContactId), where customerContactId is the OrderGroup.CustomerId - assuming you have a contact for that customer.

This will return a MembershipUser value if it finds the customer.



Dec 22, 2014 10:54
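
An added example, not part of the thread and not Mediachase.Commerce code: it shows why a user resolved from a 64-character CustomerName is unreliable when usernames run longer, while resolution by contact id stays unambiguous. The User record, the OrderUserLookup helpers, the sample usernames and the truncate-to-column-width behaviour are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed model: stands in for an aspnet_Users row plus the
// customer contact id that the order carries (OrderGroup.CustomerId).
record User(Guid ContactId, string UserName);

static class OrderUserLookup
{
    const int CustomerNameWidth = 64; // NVARCHAR(64), as stated in the thread

    // Assumption: a longer username ends up cut to the column width.
    public static string StoredCustomerName(string userName) =>
        userName.Length <= CustomerNameWidth
            ? userName
            : userName.Substring(0, CustomerNameWidth);

    // Name-based lookup: only an exact, unique match is accepted.
    public static User ByCustomerName(IEnumerable<User> users, string customerName)
    {
        var exact = users.Where(u => u.UserName == customerName).ToList();
        return exact.Count == 1 ? exact[0] : null;
    }

    // Users whose names begin with the stored value; more than one
    // candidate means the stored name cannot identify the buyer.
    public static List<User> PrefixCandidates(IEnumerable<User> users, string customerName) =>
        users.Where(u => u.UserName.StartsWith(customerName, StringComparison.Ordinal)).ToList();

    // Id-based lookup, the shape of the GetUserForContactId suggestion.
    public static User ByContactId(IEnumerable<User> users, Guid contactId) =>
        users.SingleOrDefault(u => u.ContactId == contactId);

    static void Main()
    {
        string local = new string('a', 70); // constructed 70-char local part
        var users = new List<User>
        {
            new User(Guid.NewGuid(), local + "@example.com"),
            new User(Guid.NewGuid(), local + "@example.org"),
        };
        var buyer = users[1];
        string stored = StoredCustomerName(buyer.UserName);

        Console.WriteLine($"exact name match found: {ByCustomerName(users, stored) != null}");
        Console.WriteLine($"prefix candidates: {PrefixCandidates(users, stored).Count}");
        Console.WriteLine($"contact id resolves buyer: {ByContactId(users, buyer.ContactId) == buyer}");
    }
}
```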

Hi Quan,

That is the method we are currently using when working with purchase orders; guess we will switch to this method everywhere else on the site as well.

Is there updated workflow source code somewhere for the newer versions of commerce?

Dec 22, 2014 11:12

We're working on workflows and an updated version should be made public very soon - end of this week, I hope.



Dec 22, 2014 11:18