I am writing my first ASP.NET Web API application. I am familiar with other web application frameworks (mostly Symfony, but also Django, and to a lesser extent RoR).
I am struggling a bit to understand the sequence of events that occur after a request is sent from a browser/front-end client to the web server.
I am writing a multi-tenanted application, which uses a DB backend. I am using ADO and raw SQL to access the database. I also need to store a lot of information per user, so basically I create (or fetch from cache) a preloaded context for the user.
Here is some pseudo-code that illustrates what I'm trying to achieve in ASP.NET.
namespace myApp.Controllers
{
    public class FoobarController : ApiController
    {
        public Response doLogin(request)
        {
            var ctx = myApplicationContext.getInstance();
            var user = ctx.getUser();
            if (!user.isLoggedOn())
            {
                username = request.getParameter('username');
                password = request.getParameter('password');
                dbManager = ctx.getDbInstance();
                resp = dbManager.internalLogin(username, password);
                // Load permissions etc for current user, from db
                // Store user info in cache ..
            }
        }

        public Response ActionOne(request)
        {
            ctx = myApplicationContext.getInstance();
            user = ctx.getUser();
            if (user.hasPermission('xxx'))
            {
            }
        }
    }
}
My question is, how do I implement this kind of functionality:
Namely:
Create an application context, in which I can populate with context sensitive information like a database connection, mailer configuration, object factories, miscellaneous state information etc.
Access a user object (which I can add user credentials, permissions etc to)
Have access to session variables etc?
Notes
> I am struggling a bit to understand the sequence of events that occur after a request is sent from a browser/front-end client to the web server.
For this I would say this PDF Poster gives the best pictorial representation of request processing in ASP.NET Web API.
> My question is, how do I implement this kind of functionality:
> Namely:
> Create an application context, in which I can populate with context sensitive information like a database connection, mailer configuration, object factories, miscellaneous state information etc.
> Access a user object (which I can add user credentials, permissions etc to)
> Have access to session variables etc?
For this I would say Web APIs are designed to be stateless, so the best approach is to create a persistent session (say, in a database) and use an identifier for the session (like a session key or token) on each request to identify the user and fetch their session variables / context information.
Now, the kind of functionality you have asked for in your example would be attained by a combination of Authentication Filters and Authorization Filters (more details on implementing them here).
Each request in Web API is first processed by handlers, and then, before the requested action executes, filters are applied. For your example, Authentication filters will hold the DoLogin function, the user.hasPermission logic will reside in Authorization filters, and only the action logic will reside in the Action (function) in the controller.
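The filter split described in this answer, sketched as an added example that is not part of the original answer. It assumes Web API 2; `ISessionStore`, the `Bearer` token scheme, the `"permission"` claim type and `RequirePermissionAttribute` are hypothetical names chosen for illustration.

```csharp
using System;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using System.Web.Http.Results;

// Hypothetical wrapper around the persistent session table. Returns null for an unknown or
// expired token, otherwise an identity built with an authentication type (so IsAuthenticated
// is true) and carrying the user's permission claims.
public interface ISessionStore { Task<ClaimsIdentity> FindAsync(string token, CancellationToken ct); }

public class SessionTokenAuthenticationFilter : IAuthenticationFilter
{
    private readonly ISessionStore _store;
    public SessionTokenAuthenticationFilter(ISessionStore store) { _store = store; }
    public bool AllowMultiple { get { return false; } }

    public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken ct)
    {
        AuthenticationHeaderValue auth = context.Request.Headers.Authorization;
        if (auth == null || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            return; // no credentials presented: stay anonymous, the authorization filter decides
        ClaimsIdentity identity = string.IsNullOrEmpty(auth.Parameter) ? null : await _store.FindAsync(auth.Parameter, ct);
        if (identity == null) // a token was presented but is invalid: fail the request with 401
            context.ErrorResult = new UnauthorizedResult(new[] { new AuthenticationHeaderValue("Bearer") }, context.Request);
        else
            context.Principal = new ClaimsPrincipal(identity);
    }

    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken ct) { return Task.FromResult(0); }
}

// The user.hasPermission('xxx') check, moved out of the action into an authorization filter.
public class RequirePermissionAttribute : AuthorizeAttribute
{
    private readonly string _permission;
    public RequirePermissionAttribute(string permission) { _permission = permission; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var user = actionContext.RequestContext.Principal as ClaimsPrincipal;
        return user != null && user.Identity != null && user.Identity.IsAuthenticated && user.HasClaim("permission", _permission);
    }
}

public class FoobarController : ApiController
{
    [RequirePermission("xxx")]
    public IHttpActionResult GetActionOne() { return Ok(); } // only the action logic remains here
}
```

The authentication filter is registered once at startup with `config.Filters.Add(new SessionTokenAuthenticationFilter(store))`, so every request is resolved to a principal before any authorization attribute runs.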