Replacing a Principal Object
Applications that provide authentication services must be able to replace the Principal object for a given thread. Further, the security system must help protect the ability to replace Principal objects because a maliciously attached, incorrect Principal compromises the security of your application by claiming an untrue identity or role. Therefore, applications that require the ability to replace Principal objects must be granted the System.Security.Permissions.SecurityPermission object for principal control. (Note that this permission is not required for performing role-based security checks or for creating Principal objects.)
The current Principal object can be replaced by performing the following tasks:
Create the replacement Principal object and associated Identity object, usually after performing authentication.
Attach the new Principal object to the call context, as shown in the following code.