ASP.NET authentication is now based on OWIN middleware that can be used on any OWIN-based host. ASP.NET Identity does not have any dependency on System.Web.
I have an AuthorizeAttribute filter where I need to get the current user and add some properties to be retrieved later by action controllers.
The problem is that I have to use the HttpContext which belongs to System.Web. Is there any alternative of HttpContext for Owin?
public class WebApiAuthorizeAttribute : AuthorizeAttribute
{
public override async Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
base.OnAuthorization(actionContext);
Guid userId = new Guid(HttpContext.Current.User.Identity.GetUserId());
ApplicationUserManager manager = new ApplicationUserManager(new ApplicationUserStore(new ApplicationDbContext())) { PasswordHasher = new CustomPasswordHasher() };
ApplicationUser user = await manager.FindByIdAsync(userId);
actionContext.Request.Properties.Add("userId", user.LegacyUserId);
}
}
Note: I found this question, which seems a duplicate, but asks for a solution working for NancyFx project, which is not valid for me.
This article gives me the solution:
Web API 2 introduced a new RequestContext class that contains a Principal property. This is now the proper location to look for the identity of the caller. This replaces the prior mechanisms of Thread.CurrentPrincipal and/or HttpContext.User. This is also what you would assign to if you are writing code to authenticate the caller in Web API.
So just modifying the line:
Guid userId = new Guid(HttpContext.Current.User.Identity.GetUserId());
by
Guid userId = new Guid(actionContext.RequestContext.Principal.Identity.GetUserId());
now, the reference to System.Web is not needed anymore.
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句