Authorizer setup in Web Application and Maintenance

Posts: 67
Joined: 10-Jun-2009
# Posted on: 24-Sep-2009 11:09:37   

I've created a web application and used Dependency Injection for the authorization of the entities. Second, for maintenance purposes I use separate threads started in the Global.asax file. I've chosen this approach because I don't know on what servers the application will be installed and therefore I don't use Windows Services or Scheduled Tasks for maintenance.

Given this situation, maintenance and the regular UI will use the same Authorizers. "Regular" Authorization is based on HttpContext.Current.User.Identity, however in maintenance I don't have a Current.User, but it does require full access to all entities.

To make a difference in the authorizer classes between maintenance and UI, I check whether the object HttpContext.Current is filled. If filled, then it must be UI, if not it must be maintenance.

Is this a safe way for the authorizer classes? Can this be used in some way to gain full access to the entities? Is there a better way?

Walaa
Support Team
Posts: 14993
Joined: 21-Aug-2005
# Posted on: 24-Sep-2009 11:28:08   

If it ain't broke, don't fix it :)

Otherwise you might try to store the user identity in a Session variable, I think this can be shared with the separate thread.

Posts: 67
Joined: 10-Jun-2009
# Posted on: 24-Sep-2009 11:54:10   

I'm not sure whether it's broke or not :-)

I don't think I can use the Session object, it's also null.

Walaa
Support Team
Posts: 14993
Joined: 21-Aug-2005
# Posted on: 24-Sep-2009 13:21:11   

I haven't tried this before. But I found the following thread while googling around. http://forums.asp.net/t/1384353.aspx It's discussing a relevant issue, and there were a couple of proposed work-arounds.

Posts: 67
Joined: 10-Jun-2009
# Posted on: 24-Sep-2009 14:23:51   

I've read the post, but not really something I could use. I'll stick with my approach.

Thanks.
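
Added example, not part of the thread and not the poster's or any library's code: inferring maintenance from a null HttpContext.Current also grants full access to any other code that runs without a request context, so this sketch marks the maintenance thread explicitly and fails closed everywhere else. The names MaintenanceIdentity, EntityAuthorizer and MaintenanceWorker, and the "Administrators" role, are hypothetical.

```csharp
using System.Security.Principal;
using System.Threading;

// Hypothetical marker identity for the in-process maintenance threads.
public sealed class MaintenanceIdentity : GenericIdentity
{
    // Internal constructor: only code in this assembly can create it.
    internal MaintenanceIdentity() : base("maintenance", "InProcess") { }
}

public static class EntityAuthorizer
{
    // requestUser is what the UI passes in (HttpContext.Current.User),
    // or null when there is no request context.
    public static bool HasFullAccess(IPrincipal requestUser)
    {
        // Explicit opt-in: the thread itself must carry the maintenance identity.
        IPrincipal threadUser = Thread.CurrentPrincipal;
        if (threadUser != null && threadUser.Identity is MaintenanceIdentity)
            return true;

        // Fail closed: a missing context means "no access", not "maintenance".
        if (requestUser == null || !requestUser.Identity.IsAuthenticated)
            return false;

        return requestUser.IsInRole("Administrators"); // constructed role name
    }
}

public static class MaintenanceWorker
{
    // Intended to be called from Application_Start in Global.asax.
    public static Thread Start(ThreadStart job)
    {
        var thread = new Thread(() =>
        {
            // Mark this thread before any entity access happens on it.
            Thread.CurrentPrincipal =
                new GenericPrincipal(new MaintenanceIdentity(), new string[0]);
            job();
        });
        thread.IsBackground = true;
        thread.Start();
        return thread;
    }
}
```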