Feedback on ASP.NET Web API

Populate Thread.CurrentPrincipal with Client Identity

The controller plumbing should sync Thread.CurrentPrincipal to HttpRequestMessage.GetUserPrincipal().

T.CP is a well-established pattern in .NET (e.g. ASP.NET and WCF) and many code bases use it (e.g. IsInRole or PrincipalPermission). When bringing existing library code to WebAPI you will get inconsistent security behavior if this is not correctly set.

9 votes
Dominick Baier shared this idea
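The inconsistency described in the idea above, as an added example that is not part of the original post or of ASP.NET Web API: library code that authorizes through Thread.CurrentPrincipal denies a caller whose request principal holds the role, until the two are synced. `LegacyLibrary`, `RunAs`, the role name and the sample identity are hypothetical; `requestPrincipal` stands in for whatever the request reports as its user principal.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Stand-in for existing library code that authorizes via Thread.CurrentPrincipal.
static class LegacyLibrary
{
    public static bool CanDeleteOrders()
    {
        IPrincipal p = Thread.CurrentPrincipal;   // may be null or an empty default principal
        return p != null && p.IsInRole("OrderAdmin");
    }
}

static class Demo
{
    // Hypothetical helper: the per-request sync the idea asks the plumbing to do.
    static T RunAs<T>(IPrincipal requestPrincipal, Func<T> action)
    {
        IPrincipal previous = Thread.CurrentPrincipal;
        Thread.CurrentPrincipal = requestPrincipal;
        try
        {
            return action();
        }
        finally
        {
            // Restore, so a pooled thread does not carry this identity into the next request.
            Thread.CurrentPrincipal = previous;
        }
    }

    static void Main()
    {
        // Constructed sample principal representing the authenticated client of one request.
        IPrincipal requestPrincipal = new GenericPrincipal(
            new GenericIdentity("alice", "Basic"), new[] { "OrderAdmin" });

        Console.WriteLine("request principal in role:   " + requestPrincipal.IsInRole("OrderAdmin"));
        Console.WriteLine("library check, not synced:   " + LegacyLibrary.CanDeleteOrders());
        Console.WriteLine("library check, synced:       " + RunAs(requestPrincipal, LegacyLibrary.CanDeleteOrders));
        Console.WriteLine("library check, after request: " + LegacyLibrary.CanDeleteOrders());
    }
}
```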

0 comments
