Feedback on ASP.NET Web API

← ASP.NET Web API

Consistent Integration with Host Security

The host integration plumbing should be consisten when copying host established client identity to WebAPI.

The logic should be:

- If the host has established a client identity, copy it to the request message.
- If not, set up an anonymous principal.

Currently, in web hosting the client id is always copied, in self hosting only for windows auth.

This will lead to situations where HttpRequestMessage.GetUserPrincipal() returns null.

9 votes

Vote

Sign in

Your name

Your email address

(thinking…)

Password

Sign in with:

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Dominick Baier shared this idea · Mar 9, 2012 · Flag idea as inappropriate… · Admin →

completed ·

Daniel Roth responded · Nov 15, 2012

We now consistently use Threat.CurrentPrincipal as the contract between ASP.NET Web API and the host.

0 comments

Add a comment…

Sign in

Your name

Your email address

(thinking…)

Password

Sign in with:

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

ASP.NET Web API

Searching…

No results.
Clear search results

Give feedback
- ASP.NET MVC 253 ideas
- ASP.NET vNext 46 ideas
- ASP.NET Web API 28 ideas
- ASP.NET Web Forms 43 ideas
- forums.asp.net website 87 ideas
- General ASP.NET 159 ideas
- Show me how with code 141 ideas
- SPA - Single Page Application Framework with Javascript 11 ideas
- WCF (Web Services) 78 ideas
- www.asp.net website 47 ideas
Microsoft ASP.NET Future Feature Feedback