I am writing my first ASP.NET Web API application. I am familiar with other web application frameworks (mostly Symfony, but also Django, and to a lesser extent RoR).

I am struggling a bit to understand the sequence of events that occur after a request is sent from a browser/front end client to the web server.

I am writing a multi-tenanted application which uses a DB backend. I am using ADO and raw SQL to access the database. I also need to store a lot of information per user, so that basically I create (or fetch from cache) a preloaded context for the user.

Here is some pseudo-code that illustrates what I'm trying to achieve in ASP.NET.

namespace myApp.Controllers
{
    public class FoobarController : ApiController
    {
        // Log the user in and preload their per-user context (permissions etc.)
        public IHttpActionResult DoLogin(LoginRequest request)
        {
            var ctx = MyApplicationContext.GetInstance();
            var user = ctx.GetUser();

            if (!user.IsLoggedOn())
            {
                var username = request.Username;
                var password = request.Password;

                var dbManager = ctx.GetDbInstance();

                var resp = dbManager.InternalLogin(username, password);

                // Load permissions etc. for the current user from the DB
                // Store user info in cache ..
            }
            return Ok();
        }

        // An action gated on a permission that was loaded at login
        public IHttpActionResult ActionOne()
        {
            var ctx = MyApplicationContext.GetInstance();
            var user = ctx.GetUser();

            if (!user.HasPermission("xxx"))
                return Unauthorized();

            // ... action logic ...
            return Ok();
        }
    }
}

My question is: how do I implement this kind of functionality?

Namely:

  • Create an application context which I can populate with context-sensitive information like a database connection, mailer configuration, object factories, miscellaneous state information etc.

  • Access a user object (which I can add user credentials, permissions etc to)

  • Have access to session variables etc?

Notes

  1. I will be deploying the web app on Linux, and I will be using Apache as the web server.
  2. For the purpose of this project, I don't want to use any Microsoft technology like Azure, Windows Authentications etc (other than C# and ASP.Net)
  3. I want to use a raw database connection, not using Entity Manager (legacy application port)
Homunculus Reticulli
    Have you looked into OWIN and ASP Identity? Identity comes with the template of ASP applications these days, as does OWIN, and it'll handle all your auth needs. OWIN is a more basic framework on which everything else (theoretically) sits--if you're looking to build your own auth framework just for learning, I'd start off with OWIN. There are some tutorials on the ASP.net website. – Matthew Haugen Nov 26 '15 at 22:37

1 Answer

I am struggling a bit to understand the sequence of events that occur after a request is sent from a browser/front end client to the web server.

For this I would say this PDF Poster gives best pictorial representation of request processing in ASP.NET WebAPI.

My question, is, how do I implement this kind of functionality:

Namely:

  • Create an application context which I can populate with context-sensitive information like a database connection, mailer configuration, object factories, miscellaneous state information etc.

  • Access a user object (which I can add user credentials, permissions etc to)

  • Have access to session variables etc?

For this I would say Web APIs are designed to be stateless, so the best approach is to create a persistent session (say, in the database) and use a session identifier (like a session key or token) on each request to identify the user and fetch their session variables / context information.

Now, for implementing the kind of functionality you have asked for in your example, that would be attained by a combination of Authentication Filters and Authorization Filters (more details on implementing them here).

Each request in Web API is first processed by message handlers, and then, before the requested action executes, filters are applied. For your example, the authentication filter will hold the DoLogin logic, the user.hasPermission logic will reside in an authorization filter, and only the action logic will reside in the action (method) in the controller.


Guanxi
  • Thanks for your answer. However, I was already aware of that pdf schematic. Unfortunately, it does not help much, as it assumes that the reader is already familiar with ASP.Net classes/namespaces etc. What I was looking for was a diagram that mapped concepts in the workflow to framework classes - The diagram as it stands, looks over engineered IMHO. Failing all that, it would at least be useful to see how I can write my own authentication and authorisation filters. – Homunculus Reticulli Dec 14 '15 at 11:56
  • Truly speaking, that's what the diagram looked like to me as well at first glance. But once I got a basic understanding of Web API, this turned out to be a one-stop point for any clarification I needed myself. This link gives more details on implementing authorization and authentication. I'll update this in my answer as well. - http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api – Guanxi Dec 14 '15 at 14:52
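One way to put the answer's filter-based split into working code, as an added example that is not code from the question or the answer. It assumes a hypothetical ISessionStore backed by the persistent session table the answer suggests, and the claim names "tenant" and "permission" are assumptions too. The login action is left as the place that checks the password and issues the token; the authentication filter only validates that token and builds a ClaimsPrincipal, and the authorization filter checks a permission claim, so the controller action no longer needs a static application context:

```csharp
// Added example, not code from the original question or answer.
// ISessionStore, UserSession and the "tenant"/"permission" claim names are assumptions.
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using System.Web.Http.Results;

namespace myApp.Security
{
    public class UserSession  // one row of the persistent session table (hypothetical shape)
    {
        public string Username; public string TenantId;
        public HashSet<string> Permissions; public DateTime ExpiresUtc;
    }

    // Hypothetical lookup over that table; back it with ADO.NET in the real application.
    public interface ISessionStore { UserSession FindByTokenHash(string tokenHash); }

    public static class SessionToken
    {
        // Called by the login action after the password check: 256 random bits, returned once.
        public static string Create()
        {
            var bytes = new byte[32];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
            return Convert.ToBase64String(bytes);
        }

        // Only this hash is stored in the database, so a DB dump does not yield live sessions.
        public static string Hash(string token)
        {
            using (var sha = SHA256.Create())
                return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
        }
    }

    // Authentication filter: maps "Authorization: Bearer <token>" to a ClaimsPrincipal.
    public class SessionTokenAuthenticationAttribute : Attribute, IAuthenticationFilter
    {
        public static ISessionStore Store;  // assigned at startup (or resolved from a DI container)
        public bool AllowMultiple { get { return false; } }

        public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            var auth = context.Request.Headers.Authorization;
            if (auth == null || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
                return Task.FromResult(0);  // no token: stay anonymous, the authorization filter decides

            var session = Store.FindByTokenHash(SessionToken.Hash(auth.Parameter ?? ""));
            if (session == null || session.ExpiresUtc <= DateTime.UtcNow)
            {
                // Unknown or expired token: 401 carrying a WWW-Authenticate: Bearer challenge
                context.ErrorResult = new UnauthorizedResult(
                    new[] { new AuthenticationHeaderValue("Bearer") }, context.Request);
                return Task.FromResult(0);
            }

            var identity = new ClaimsIdentity("SessionToken");  // non-null type => IsAuthenticated
            identity.AddClaim(new Claim(ClaimTypes.Name, session.Username));
            identity.AddClaim(new Claim("tenant", session.TenantId));
            foreach (var p in session.Permissions)
                identity.AddClaim(new Claim("permission", p));
            context.Principal = new ClaimsPrincipal(identity);
            return Task.FromResult(0);
        }

        public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
        {
            return Task.FromResult(0);  // the challenge was already attached in AuthenticateAsync
        }
    }

    // Authorization filter: [RequirePermission("xxx")] replaces user.hasPermission('xxx') in the action.
    public class RequirePermissionAttribute : AuthorizationFilterAttribute
    {
        private readonly string _permission;
        public RequirePermissionAttribute(string permission) { _permission = permission; }

        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
            if (principal == null || !principal.Identity.IsAuthenticated)
                actionContext.Response = actionContext.Request.CreateErrorResponse(
                    HttpStatusCode.Unauthorized, "login required");
            else if (!principal.HasClaim("permission", _permission))
                actionContext.Response = actionContext.Request.CreateErrorResponse(
                    HttpStatusCode.Forbidden, "missing permission " + _permission);
        }
    }
}
```

With this in place the login action checks the password, calls SessionToken.Create(), stores SessionToken.Hash(token) together with the user's tenant, permissions and an expiry, and returns the raw token to the client once; every later request sends it as Authorization: Bearer. Decorating the controller with [SessionTokenAuthentication] and an action with [RequirePermission("xxx")] gives the split the answer describes: the action body only runs for an authenticated principal holding that permission, and reads the tenant and user from RequestContext.Principal instead of a process-wide context object.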