(NOT MAINTAINED, SEE README) WebAPIDoodle is an ASP.NET Web API library which contains several useful Extensions, Filters, Message Handlers and so on and so forth.
MIT License
37
stars
9
forks
source link
Setting Principal in BasicAuthenticationHandler broken for Web API v2 #11
To support the AuthorizeAttribute in Web API v2 the line has to be changed to (or added if other scenarios still need the principal being set in Thread.CurrentPrincipal):
Line 60 of the BasicAuthenticationHandler in the webapi-v2-dotnet-45 branch reads:
This is not compatible with the AuthorizeAttribute of Web API v2 that is fetching the principal from the RequestContext. (more info here: http://leastprivilege.com/2013/10/03/thinktecture-identitymodel-and-web-api-v2-katana/)
To support the AuthorizeAttribute in Web API v2 the line has to be changed to (or added if other scenarios still need the principal being set in Thread.CurrentPrincipal):