Feedback on ASP.NET Web API

Consistent Integration with Host Security

The host integration plumbing should be consisten when copying host established client identity to WebAPI.

The logic should be:

- If the host has established a client identity, copy it to the request message.
- If not, set up an anonymous principal.

Currently, in web hosting the client id is always copied, in self hosting only for windows auth.

This will lead to situations where HttpRequestMessage.GetUserPrincipal() returns null.

9 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Dominick Baier shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    completed  ·  Daniel Roth responded  · 

    We now consistently use Threat.CurrentPrincipal as the contract between ASP.NET Web API and the host.

    0 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base