Are your UI and DB objects executing on the same thread? If they are then they are executing in the same security context so whatever security information is available to your UI is also available to your DB objects.
If you are using your own custom security then you can construct a GenericPrincipal and assign it to the current thread and it will be available to all executing components.
GenericPrincipal MyPrincipal = new GenericPrincipal(MyIdentity, MyRoles);
//Attach the principal to the current thread.
Thread.CurrentPrincipal = MyPrincipal;
I just think that having such a high level layer create your connection is going to be a bad design. The connection should be manged at the lowest level possible (DAL).
>David.
>
>The reason we would need to pass the connection is because
>we get an instance of the connection once we go through a security class.
>
>Alvin