0

In a Web API, I've created a TokenAuthentication attribute to verifying token that has come from client and after that the user should sign in, then i use my UserServiceManager to sign in like this: 

   ApplicationUser aUser = new ApplicationUser();
                user.CopyToModel(aUser);

                _signInManager.SignIn(aUser, true, true);
                //_signInManager.UserManager.CreateIdentity(authenticationType,"")
                //var l = _authenticationManager.GetExternalLoginInfo();
                ////l.Login.
                //var authType = _authenticationManager.GetAuthenticationTypes();
                //var  cliamIdentity = _authenticationManager.CreateTwoFactorRememberBrowserIdentity(aUser.Id);

                var claims = new List<Claim>();
                claims.Add(new Claim(ClaimTypes.Name, user.UserName));
                claims.Add(new Claim(ClaimTypes.Email, user.Email));
                claims.Add(new Claim(ClaimTypes.NameIdentifier, user.UserName));

                var identity = new ClaimsIdentity(claims, "CustomApiKeyAuth");

                var principal = new ClaimsPrincipal(new[] { identity });
                Thread.CurrentPrincipal = principal;
                System.Web.HttpContext.Current.User = principal;

                _authenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true }, identity);

                return UpdateResult<SignInStatus>.Success(SignInStatus.Success);

I Used both Thread.CurrentPrincipal and System.Web.HttpContext.Current.User to set Principal due to different thread in web api.

My purpose is the Thread.CurrentPrincipal.Identity.Name can be use in my api controller. then i set this in my TokenAuthentication Attribute after sign in:

Thread.CurrentPrincipal = System.Web.HttpContext.Current.User;

it doesn't work and Thread.CurrentPrincipal.Identity.Name is still empty in api controller.I moved the above line in my action and worked but I don't want to write it in each of my actions. what should i do?

samira riazati
  • 515
  • 7
  • 21
  • If you are in action, you can get from property called `User`, ex: `this.User` from `ApiController` – cuongle Feb 07 '17 at 11:19
  • Thanks but I have a several services which are using Thread.CurrentPrincipal.Identity.Name and i need to use this. I should assign this.User to Thread.CurrentPrincipal in my action too. as I told, I don't want such a assignment in each of my action. i need something happen in overall. – samira riazati Feb 07 '17 at 11:30

1 Answers1

0

Actually I decided to create a attribute inherited from AuthorizeAttribute to solve the problem and not to repeat the assignment in each action. but After reading the AuthorizeAttribute source i found another solution :

 actionContext.ControllerContext.RequestContext.Principal = System.Web.HttpContext.Current.User;

It was written in the custom tokenAuthentication attribute instead of Thread.CurrentPrincipal = System.Web.HttpContext.Current.User and it worked. Now Thread.CurrentPrincipal in the api controller has the correct principal.

samira riazati
  • 515
  • 7
  • 21