Access username from basic authentication

Question

I have a MVC project with uses Identity. This enables users to sign up to the site and create a profile.

I have a separate WebAPI class to allow Embedded GSM devices to communicate with the server. Users are able to sign up and add many GSM units to their profile. I've had to use a Basic Authentication filter for the embedded GSM devices as it they are unable to cache a token / cookie.

My question is, how do i look up the username of the request within a webAPI controller? i've tried accessing the user with RequestContext.Principal as per suggestions, but it returns null.

Controller:

 [BasicAuthentication]
 public void Post([FromBody]string value)
 {
    // Get username from request for database lookup?
 }

Filter:

public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
{

    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (actionContext.Request.Headers.Authorization == null)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        }
        else
        {
            string authenticationToken = actionContext.Request.Headers.Authorization.Parameter;
            string decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken));
            string[] usernamePasswordArray = decodedAuthenticationToken.Split(':');
            string username = usernamePasswordArray[0];
            string password = usernamePasswordArray[1];

            if (GSMSecurity.Login(username, password))
            {
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
        }
    }
}

Edit:

I found the username using :

System.Threading.Thread.CurrentPrincipal;

RequestContext.Principal.Identity.Name – Ivaylo Stoev Oct 30 '17 at 10:09 — Ivaylo Stoev, Oct 30 '17 at 10:09

peco · Accepted Answer · 2017-10-31T08:39:11.633

1

If your controller inherits from System.Web.Http.ApiController you can access the User property:

[BasicAuthentication]
public void Post([FromBody]string value)
{
    var name = User.Identity.Name;
}

In BasicAuthentication, do not forget to set the principal property correctly when signing in:

if (GSMSecurity.Login(username, password))
{
    var currentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
    actionContext.RequestContext.Principal = currentPrincipal;
    Thread.CurrentPrincipal = currentPrincipal;
    HttpContext.Current.User = currentPrincipal;
}

edited Oct 31 '17 at 08:39

answered Oct 30 '17 at 10:10

peco

3,890
1
20
27

I get a null value when trying this, I've added more information. – A Houghton Oct 30 '17 at 10:52
Updated the example – peco Oct 31 '17 at 08:39

score 1 · Answer 2 · answered Oct 30 '17 at 11:14

You should also consider setting the principal on the HttpContext

if (GSMSecurity.Login(username, password)) {
    var principal = new GenericPrincipal(new GenericIdentity(username), null);
    System.Threading.Thread.CurrentPrincipal = principal;
    if (System.Web.HttpContext.Current != null) {
        System.Web.HttpContext.Current.User = principal;
    }
}

And then accessing it via the User property on the ApiController

[BasicAuthentication]
public void Post([FromBody]string value) {
    // Get username from request for database lookup?
    var username = User.Identity.Name;
    //...
}

The framework will extract the user information from the context and associate it with the request context.

score 0 · Answer 3 · answered Oct 30 '17 at 10:09

0

You can find the current user in the RequestContext.Principal

answered Oct 30 '17 at 10:09

Marcus Höglund

16,172
11
47
69

Access username from basic authentication

3 Answers3