Feedback on ASP.NET Web API

Populate Thread.CurrentPrincipal with Client Identity

The controller plumbing should sync Thread.CurrentPrincipal to HttpRequestMessage.GetUserPrincipal().

T.CP is a well-established pattern in .NET (e.g. ASP.NET and WCF) and many code bases use it (e.g. IsInRole or PrincipalPermission). When bringing existing library code to WebAPI you will get inconsistent security behavior if this is not correctly set.

9 votes
Dominick Baier shared this idea

0 comments
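
The inconsistency the idea describes, as an added example that is not part of the original post and not ASP.NET Web API code. It uses only `System.Security.Principal` and `System.Threading`; `LegacyLibrary`, `RunAs`, the user `alice` and the role `OrderAdmins` are hypothetical names constructed for illustration, and `RunAs` stands in for the sync step the post asks the controller plumbing to perform.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

static class LegacyLibrary
{
    // Existing library code of the kind the post mentions: it authorizes
    // against Thread.CurrentPrincipal and never sees the request object.
    public static bool CanDeleteOrders()
    {
        IPrincipal p = Thread.CurrentPrincipal;   // may be null or anonymous if nothing set it
        return p != null
            && p.Identity != null
            && p.Identity.IsAuthenticated
            && p.IsInRole("OrderAdmins");
    }
}

static class Demo
{
    // Hypothetical stand-in for the requested plumbing: run the action with
    // Thread.CurrentPrincipal set to the request's principal, then restore the
    // previous value so a reused thread does not keep the caller's identity.
    static T RunAs<T>(IPrincipal requestPrincipal, Func<T> action)
    {
        IPrincipal previous = Thread.CurrentPrincipal;
        Thread.CurrentPrincipal = requestPrincipal;
        try { return action(); }
        finally { Thread.CurrentPrincipal = previous; }
    }

    static void Main()
    {
        // Constructed sample: the principal the host authenticated for this request.
        var requestPrincipal = new GenericPrincipal(
            new GenericIdentity("alice", "Basic"), new[] { "OrderAdmins" });

        // The request-level check and the library check disagree until the
        // thread principal is synced to the request principal.
        Console.WriteLine("request principal in role: " + requestPrincipal.IsInRole("OrderAdmins"));
        Console.WriteLine("library check, not synced: " + LegacyLibrary.CanDeleteOrders());
        Console.WriteLine("library check, synced:     " + RunAs(requestPrincipal, () => LegacyLibrary.CanDeleteOrders()));
    }
}
```

In this case the unsynced library check denies access, which is the safe direction; the same gap also means a `PrincipalPermission` demand or `IsInRole` call is evaluated against whatever principal was last left on the thread rather than the current caller.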
