Menu
What is the difference between the following two ways of accessing the principle via an AuthorizeAttribute implementation?
Using HttpContext:
protected override bool IsAuthorized(HttpActionContext actionContext)
{
return HttpContext.Current.User.IsInRole("DemoRole");
}
Using HttpActionContext:
protected override bool IsAuthorized(HttpActionContext actionContext)
{
return actionContext.RequestContext.Principal.IsInRole("DemoRole");
}
375
They are the same, which you can prove by including this line in the method:
Debug.Assert(actionContext.RequestContext.Principal == HttpContext.Current.User);
I would personally use the actionContext, since using HttpContext.Current creates a dependency, and makes it harder to e.g. unit test.
100
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
