All geek questions in one place

The user set in global.asax is available only after the following request

I am building an intranet application using ASP.NET MVC 4 with Windows Authentication. In the global.asax file, I implemented this method:

protected void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs args)

In this method, I create a new ClaimsIdentity and set args.User for it, as an example on MSDN . Later in the application, in one of the controllers, I need to get some data from the database. Since I already have an API action that does this, I am calling this API (synchronously) from my controller.

The API receives requests for the current user using the ApiController.User property. Here, however, the claims are not the ones I asked in global.asax. In fact, these are claims that were in place at the user before this request.

The strange thing (for me) is that the next time I call the application, new claims will be in place. Therefore, in my case, I change the statement that later you choose which buttons should be visible to the user, but only after the user makes another request to the application, these buttons will be updated.

How can I make sure that the applications that I installed in global.asax take effect immediately?

Additional Information:

I do not establish a claim for each request. When this method is executed, I will check several things to find out if the user is still valid: cookie, the user is not anonymous, and the user is still "valid". The latter is determined by the cache - I keep a list of users who are still valid, and if someone updates their permissions through the user interface, they become invalid and will receive new claims in the next request.

I hooked up a debugger, and I see that my code is running, the principal has all the claims that I want it to have, still in this method. When I reach the action of the controller, ApiController.User has the claims that it had to the request before that. When I make another request, the authentication method is skipped (since the username is now in the cache), and the ApiController.User controller has the correct requirements.

+5
source share
3 answers

You need to install both members in order for them to work.

 Thread.CurrentPrincipal = principal; HttpContext.Current.User = principal;
+1
source

I do not think that you can access your requirements in the same request that you installed them. Try redirecting after setting your requirements.

+1
source

I'm doing something like that. Here is my code, I hope it will be useful.

 protected void Application_PostAuthenticateRequest(object sender, EventArgs e) { var clamisIdentityBuilder = DependencyResolver.Current.GetService<IClaimsIdentityBuilder>(); var transformer = new ClaimsTransformer(clamisIdentityBuilder); var principal = transformer.Authenticate(string.Empty, ClaimsPrincipal.Current); // user if authenticated but Claims could not be created (they are not available in cache nor DB) if (principal == null) { var cacheProvider = DependencyResolver.Current.GetService<ICacheProvider>(); cacheProvider.Clear(); FormsAuthentication.SignOut(); Response.Clear(); string redirectUrl = FormsAuthentication.LoginUrl; Response.Redirect(redirectUrl); } else { Thread.CurrentPrincipal = principal; HttpContext.Current.User = principal; } }
0
source

Source: https://habr.com/ru/post/1201069/

More articles:


All Articles