bnordli
commented
8 years ago The real issue here is actually that UserSecurityActor is asking the static object CurrentPrincipal instead of the more widely used ICanResolvePrincipal in order to find a principal.
CurrentPrincipal should be removed and all usages moved to ICanResolvePrincipal.
PrincipalResolver in Web project should first check HttpContext.Current.User, in case the handling of the request has been delegated to another thread.