I am still pretty new to ASP.NET Web API. I am currently working on the authentication part of a new application based on Web API, which is developed using some libraries/kinda framework of the company.

There is already an MVC application. It uses forms-based authentication and does not use the IPrincipal to store information about the user, but rather a Unity-based approach, keeping data in a custom IUser object (basically kept in the session). The Web API application is going to be stateless (no session); I am just going to add some user-related information to the authentication cookie (retrieved per request in Application_PostAuthenticateRequest).

I am a bit undecided whether to keep this user-related data in a custom implementation of IPrincipal (which I noticed to be a common practice) or to use the current approach of other applications in the company, which utilize an IUser served by Unity using a per-request lifetime manager.

Which do you consider to be the better approach?

bandreas

1 Answer

If you're keeping track of users per session, try using singleton classes. If you're about to make a log of the users that entered the session, write it down in a text file like a whitelist.

ProteanDev
  • As I mentioned, the Web API application is going to be stateless - no session. For now I have chosen to keep the user-related information in a custom class, extracting information from the authentication cookie. – bandreas Jun 27 '13 at 07:49
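
An added example, not part of the original question, answer or comment: one way to build the custom IPrincipal the question describes from the forms authentication ticket in Application_PostAuthenticateRequest, with no session involved. It assumes forms authentication is enabled so that FormsAuthenticationModule has already validated the cookie; `AppPrincipal`, `TenantId` and the `tenantId|role1,role2` layout of `UserData` are hypothetical names chosen for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

// Hypothetical principal carrying the per-user data stored in the ticket.
public sealed class AppPrincipal : IPrincipal
{
    private readonly string[] _roles;

    public AppPrincipal(IIdentity identity, string tenantId, string[] roles)
    {
        Identity = identity;
        TenantId = tenantId;
        _roles = roles;
    }

    public IIdentity Identity { get; private set; }
    public string TenantId { get; private set; }   // assumed extra field

    public bool IsInRole(string role)
    {
        return Array.IndexOf(_roles, role) >= 0;
    }
}

public class Global : HttpApplication
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        // FormsAuthenticationModule has already decrypted and validated the
        // cookie; a FormsIdentity is present only if that succeeded.
        var identity = Context.User != null ? Context.User.Identity as FormsIdentity : null;
        if (identity == null || !identity.IsAuthenticated) return;

        // Assumed UserData layout written at login: "tenantId|role1,role2"
        string[] parts = (identity.Ticket.UserData ?? "").Split('|');
        IPrincipal principal;
        if (parts.Length == 2 && parts[0].Length > 0)
            principal = new AppPrincipal(identity, parts[0],
                parts[1].Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries));
        else
            // Fail closed: unexpected ticket contents downgrade to anonymous.
            principal = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        Context.User = principal;            // read by Web API and [Authorize]
        Thread.CurrentPrincipal = principal; // keep both views consistent
    }
}
```

A Unity per-request registration for IUser could resolve from this principal, so the two approaches in the question do not exclude each other.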