
User set in global.asax only available after next request

I am building an intranet application using ASP.NET MVC 4 with Windows authentication. In the global.asax file, I have implemented this method:

protected void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs args)

In this method, I create a new ClaimsIdentity and set args.User to it, just like the example on MSDN. Later on in the application, in one of the Controllers, I need to get some data from the database. Since I already had an API action that does this, I call that API (synchronously) from my Controller.

The API gets the claims for the current user using the ApiController.User property. Here though, the claims are not the ones I set in global.asax. In fact, they are the claims that were in place on the user before this request.

The strange thing (to me) is that the next time I make a call to the application, the new claims are in place. So in my case, I change the claims that later on decide which buttons should be visible to a user, but only after the user makes another request to the application, these buttons are updated.

How can I make sure that the claims that I set in global.asax immediately take effect?

Extra info:

I don't set the claims on every request. When this method executes, I check a number of things to see if the user is still valid: cookie, user isn't anonymous, and user is still "valid". The latter is decided by cache - I keep a list of users that are still valid and if someone updates their permissions through a user interface, they become invalidated and will receive new claims in their next request.

I've attached a debugger and I see my code getting executed, the principal gets all the claims I want it to have while still in this method. When I reach a controller action, ApiController.User has the claims it had on the request before this one. When I make another request, the authentication method is skipped (because the user name is now in the cache), and in the controller the ApiController.User has the correct claims.

Olaf Keijsers asked Nov 01 '22 18:11


2 Answers

You need to set both the members to make it work.

Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
Sanjay Sahani answered Nov 15 '22 07:11


I don't think you can access your claims in the same request that you set them. Try to redirect after setting your claims.

Simon B.Robert answered Nov 15 '22 07:11