
Can anyone save some of my hair? :)

I'm trying to create an ASP.NET Web API interface for an older CSLA (1.x/2.x era) project. I am testing by hard-coding the login on every request in various ways (once in the startup code, as an authorization request filter, inside the individual route request, etc.). All the ways I tried work exactly once perfectly and then I get the infamous:

'Default principal object cannot be set twice.'

exception in BusinessPrincipal.vb (yeah, I know it's very old, but it's released software, I can't upgrade CSLA).

I know that there is an issue where you need to set `HttpContext.Current.User = Thread.CurrentPrincipal;` due to some internal workings of the Web API, and I do that already; that has not resolved the issue.

I'd like to know if anyone has implemented a Web API front end and how they handled this issue, or any pointers as to what could be the solution.

Worst case scenario, if I could at least just log in once and keep that same principal without losing it, I could implement a second layer of security; that would be acceptable. Barring anything else, is there some way to just log in once and not lose that principal?

JohnC

1 Answer


That BusinessPrincipal class would be in your code base, not in CSLA itself. The Csla.Security namespace does include a BusinessPrincipalBase that is probably the base class for your BusinessPrincipal.

Classes in that namespace are here in GitHub

It is true that you can only call AppDomain.SetPrincipalPolicy one time, but you should be able to set the Thread.CurrentPrincipal and HttpContext.Current.User multiple times.

Rockford Lhotka
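The per-request assignment the answer describes, sketched as a Web API message handler in C#. This is an added example, not code from the question, the answer or CSLA; the class name `PerRequestPrincipalHandler` and the `validate` delegate (standing in for the project's own credential check, which must return a principal without setting any AppDomain-wide default) are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

// Added example. Register once at startup, e.g.
//   config.MessageHandlers.Add(new PerRequestPrincipalHandler(myValidator));
public class PerRequestPrincipalHandler : DelegatingHandler
{
    // Hypothetical hook: (scheme, credentials) -> principal, or null if invalid.
    // The legacy user-store lookup belongs behind this delegate.
    private readonly Func<string, string, IPrincipal> _validate;

    public PerRequestPrincipalHandler(Func<string, string, IPrincipal> validate)
    {
        if (validate == null) throw new ArgumentNullException("validate");
        _validate = validate;
    }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var auth = request.Headers.Authorization;
        IPrincipal principal = null;
        if (auth != null && !string.IsNullOrEmpty(auth.Parameter))
        {
            principal = _validate(auth.Scheme, auth.Parameter);
        }

        if (principal == null)
        {
            // Fail closed: no principal is assigned for a rejected request.
            return Task.FromResult(
                new HttpResponseMessage(HttpStatusCode.Unauthorized));
        }

        // Per-request assignments; unlike an AppDomain-wide default,
        // these can be set again on every request.
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }
        return base.SendAsync(request, cancellationToken);
    }
}
```

Because every request either gets a freshly validated principal or a 401, no identity from an earlier request is reused on a pooled thread.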