MarimerLLC / cslaforum

Discussion forum for CSLA .NET
https://cslanet.com

Accessing User Context from web api web service #276

Open JustinBourlier opened 7 years ago

JustinBourlier commented 7 years ago

I'm getting basically a blanked out User.Identity object, and also a blank Csla.ApplicationContext.User object from within a WebApi web service.

I'm setting the principal in Application_AcquireRequestState in the global.asax file.

The application is ASP.NET WebForms C# 4.5.1

ghost commented 7 years ago

You might check this post out on Stack Overflow. I have little to no (emphasis no) WebApi experience but plan on changing that in the near future. I've had a similar thought on my mind so I'm curious how you solve this problem. Only thing different for me right now: I'm using Web Forms and converting to MVC.

Edit: there's also this link I just found.

rockfordlhotka commented 7 years ago

@fujiiface I think you should have a relatively easy time - unless you are also going to .NET Core or MVC 6. Prior to that point they left the way HttpContext.Current works pretty much alone.

But in WCF and some Web API scenarios Microsoft has changed the way HttpContext.Current flows through the request pipeline, and that'll obviously affect how and when we can set the current user.

I don't personally know how it works in Web API, so hopefully that Stack Overflow thread helps.

ghost commented 7 years ago

@rockfordlhotka I haven't had any problems with Csla.ApplicationContext.User so far. It's picked up my custom principal and identity with no problems. I upgraded the project up to .NET 4.6 and MVC 5.

I'm going through the video mentioned in the first link and WebApi auth starts at around the 10 min mark with some hints landing around the 15:45 mark. The default WebApi setup has the `config.SuppressDefaultHostAuthentication()` line in WebApiConfig that basically strips out the HTTP cookie, so this probably has something to do with your problem @JustinBourlier. It's explained in the video, but they basically do this on purpose to keep the implementation more pure and prevent request forgery.

JustinBourlier commented 7 years ago

Thanks, I'll have a look at the video. I'm not utilizing Forms Authentication or cookies. We actually get user credentials in the HttpHeader variables (like their unique id, and active directory groups).

It might be a while till I get back to you on this one, long break coming up, and I'm busy trying to get as much done as these deadlines start chasing me down.

ghost commented 7 years ago

Thanks @JustinBourlier. No rush on the implementation...just curious how you end up solving the problem since I will likely run into a similar issue although we are using Forms Authentication.
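
One way to establish the principal inside the Web API pipeline itself, for the header-based scenario described in this thread, shown as an added example that is not code from any participant or from CSLA. The class name and the header names `X-User-Id` and `X-User-Groups` are hypothetical, and it assumes Web API 2 with the handler registered after `config.SuppressDefaultHostAuthentication()`.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;

// Added example. Register in WebApiConfig.Register with:
//   config.MessageHandlers.Add(new HeaderPrincipalHandler());
// Only trust these headers when an upstream authenticating proxy sets them
// and strips any client-supplied copies; otherwise a caller can name any user.
public class HeaderPrincipalHandler : DelegatingHandler
{
    private const string UserIdHeader = "X-User-Id";      // hypothetical name
    private const string GroupsHeader = "X-User-Groups";  // hypothetical, comma-separated

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        IEnumerable<string> ids;
        if (!request.Headers.TryGetValues(UserIdHeader, out ids) ||
            ids.Count() != 1 || string.IsNullOrWhiteSpace(ids.First()))
        {
            // Fail closed: a missing, empty or duplicated id header is rejected.
            return Task.FromResult(request.CreateResponse(HttpStatusCode.Unauthorized));
        }

        var claims = new List<Claim> { new Claim(ClaimTypes.Name, ids.First().Trim()) };

        IEnumerable<string> groups;
        if (request.Headers.TryGetValues(GroupsHeader, out groups))
        {
            // Each group becomes a role claim so IsInRole() works downstream.
            claims.AddRange(groups.SelectMany(g => g.Split(','))
                .Select(g => g.Trim()).Where(g => g.Length > 0)
                .Select(g => new Claim(ClaimTypes.Role, g)));
        }

        // A non-empty authentication type makes Identity.IsAuthenticated true.
        var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "TrustedHeader"));

        // Principal seen by Web API controllers (ApiController.User).
        request.GetRequestContext().Principal = principal;
        // Hand the same principal to CSLA so business objects see it.
        Csla.ApplicationContext.User = principal;

        return base.SendAsync(request, cancellationToken);
    }
}
```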