I have a JavaScript/HTML client front-end, served by a Web API 2 REST-based back-end website, hosted on IIS.
I have a home-baked authentication system which validates the user's credentials in the message handler against a custom user table:
public class ApiKeyHandler : DelegatingHandler
{
    // ...whole bunch of code validating the user's credentials...
}
In the message handler, I am attempting to set the thread principal so I can use role-based authorization on web controller methods:
[ ]
In the message handler, I am setting the thread principal like so:
IPrincipal principal = new GenericPrincipal(
    new GenericIdentity(userName.ToString()),
    new string[] { "Admin" });
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
The problem I have is that the principal seems to disappear once processing hits the API Controller.
string currentUser = RequestContext.Principal.Identity.Name;
Boolean adminRole = RequestContext.Principal.IsInRole("Admin");
currentUser is empty and adminRole is false.
I am not sure where this is going wrong. Thanks.
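Added example, not part of the original post: in Web API 2 the controller's RequestContext is the request's HttpRequestContext, so a message handler can assign the principal there through request.GetRequestContext().Principal. The X-Api-Key header name and the in-memory Users table are assumptions standing in for the custom credential check.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

public class ApiKeyHandler : DelegatingHandler
{
    // Constructed sample data standing in for the custom user table:
    // API key -> user name and the roles stored for that user.
    private static readonly Dictionary<string, KeyValuePair<string, string[]>> Users =
        new Dictionary<string, KeyValuePair<string, string[]>>
        {
            { "sample-key-alice", new KeyValuePair<string, string[]>("alice", new[] { "Admin" }) },
            { "sample-key-bob", new KeyValuePair<string, string[]>("bob", new[] { "User" }) }
        };

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        IEnumerable<string> values;
        KeyValuePair<string, string[]> user;
        // "X-Api-Key" is an assumed header name, not taken from the post.
        if (!request.Headers.TryGetValues("X-Api-Key", out values) ||
            !Users.TryGetValue(values.FirstOrDefault() ?? string.Empty, out user))
        {
            // Fail closed: a rejected request never gets a principal.
            return Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized));
        }

        // Roles come from the user's record rather than a fixed "Admin" array.
        IPrincipal principal = new GenericPrincipal(new GenericIdentity(user.Key), user.Value);

        // ApiController.RequestContext is this same object, so this is the
        // value RequestContext.Principal returns inside the controller.
        request.GetRequestContext().Principal = principal;

        // Kept for code that still reads the thread or ASP.NET principal.
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null) HttpContext.Current.User = principal;

        return base.SendAsync(request, cancellationToken);
    }
}
```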