I must admit that I do not understand that message as well - we will improve this - Thank you for your feedback.
For your question, I think CurrentPrincipal replaces CurrentUser quite well- what exactly the information you want to get?
CurrentPrincipal in the context of the commerce manager is the admin logged into commercemanager, not the user that has completed the purchase which it would be if it I was using SecurityContext.Current.
the calculate discount activity for example is using SecurityContext.Current.CurrentUser to figure out the proper user to calculate discounts for, we are using something similar for our custom activities.
CurrentUser will return current loggedin user if SpecifiedUser is not set. If you want to get the IPrincipal for a specific user, use:
new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(username)), null)
Username should be OrderGroup.CustomerName.
thanks for all the help sofar, but it seems the OrderGroup.CustomerName is only a NVARCHAR(64) while the aspnet_Users UserName is a NVARCHAR(255), and we have usernames larger than 64 chars as usernames are email addresses in this case.
So I don't think that idea will work, any other suggestions?
In that case you can use CustomerContext.GetUserForContactId(PrimaryKeyId customerContactId), which customerContactId is the OrderGroup.CustomerId - assuming you have contact for that customer.
This will return a MembershipUser value if it found the customer.
That is the method we are currenly using when working with purchase orders, guess we will switch to this method everywhere else on the site as well.
Is there updated workflow source code somewhere for the newer versions of commerce?
In the newer versions of commerce (Mediachase.Commerce 220.127.116.116) a lot of methods and properties on SecurityContext has been obsoleted, the specific property we are using a lot is SecurityContext.Current.CurrentUser and that is also the one that the workflows provided by EPiServer uses.
This property would correctly give you the actual user, both on the website itself and in the commercemanager even if logged in as a commerce admin.
logged in on the site as user1, then SecurityContext.Current.CurrentUser == user1
logged in on commerce manager as somecommercemanager processing a cart/purchase order for user1, then SecurityContext.Current.CurrentUser would still be == user1
The suggested way to replace this doesn't make sense at all:
[Obsolete("Use EPiServer.Security.PrincipalInfo.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(username)), null) instead.")]
The does not give me a MembershipUser and I also need to know the username, also this seems to switch the commercemanager into the username provided in the username parameter, which seems wrong.
What to do here? Is there some actual article that explains these changes?