SiteCore Security: I do it my way – Part II

I’m starting my first serie of blogs in the third week :).
Here’s part two of my experiences with the SecurityModel. This is my reaction to the comment of Lars Nielsen:

I tried to use the SecuritySwitcher. To bad, but I couldn’t find the overloaded Constructor :(. Guess that I can find it in 5.2 or the next release of 5.1.1?
It didn’t really matter because, I guess, it will use Sitecore.Context.Domain to retrieve the UserItem from.:
Sitecore.SecurityModel.UserItem myUser = Sitecore.Context.Domain.GetUser("admin");
using(new Sitecore.SecurityModel.SecuritySwitcher(myUser))
{
//Your code
}

So to figure out if the SecuritySwitcher really uses just it’s own state-object in it’s own scope. I wrote some test code. You can download it here(for question about copyrights etc, please see the ‘Legal Notice‘).
I discovert 2 strange ‘functionalities’:
– Default the Sitecore.Context.Security.User is an empty object?! I don’t exactly can understand why this object isn’t filled. When I’m visiting a SiteCore website, I expect that by default my session would use the user ‘Anonymous’.
– When you run the code as a layout you’ll see that when you switch to the Sitecore-domain user ‘Admin’ when you are in the domain ‘Extranet’, you will stay in the domain ‘Extranet’. So Sitecore.Context.Domain.Name gives ‘Extranet’ but Sitecore.Context.Security.User.Domain.Name gives ‘Sitecore’. Isn’t this strange? The samething appears when you login to the user ‘Guest’ in the domain ‘Extranet’ and you change the ActiveWebsite to ‘shell'(so your domain changes to ‘Sitecore’), the Sitecore.Context.Security.User.Domain.Name gives still Extranet.
That’s what I’ve noticed till know.

Note: I’m using Sitecore 5.1.1.4 at the moment. I guess I’ve to upgrade to 5.1.1.8 for solving both problems :P?