What is the difference between the following two ways of accessing the principal via an AuthorizeAttribute implementation?
Using HttpContext:

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        return HttpContext.Current.User.IsInRole("DemoRole");
    }

Using HttpActionContext:

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        return actionContext.RequestContext.Principal.IsInRole("DemoRole");
    }

They are the same, which you can prove by including this line in the method:

    Debug.Assert(actionContext.RequestContext.Principal == HttpContext.Current.User);

I would personally use the actionContext, since using HttpContext.Current creates a dependency, and makes it harder to e.g. unit test.
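
The testability point in the answer above, as an added example that is not part of the original question or answer: the actionContext variant can be exercised from a plain console harness with no ASP.NET host, including the deny path when no principal is set. It assumes Web API 2 (Microsoft.AspNet.WebApi.Core 5.x); the attribute name, the Check helper and the sample principals are constructed for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute name; the role name "DemoRole" is from the question.
public class DemoRoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Reads only from the context passed in, so no ASP.NET host is required.
        IPrincipal principal = actionContext.RequestContext.Principal;
        return principal != null && principal.IsInRole("DemoRole");
    }

    // Hypothetical helper: exposes the protected check to the harness below.
    public bool Check(HttpActionContext actionContext) => IsAuthorized(actionContext);
}

public static class Program
{
    // Builds an action context around a constructed principal (null = none set).
    static HttpActionContext ContextFor(IPrincipal principal)
    {
        return new HttpActionContext
        {
            ControllerContext = new HttpControllerContext
            {
                RequestContext = new HttpRequestContext { Principal = principal }
            }
        };
    }

    static void Expect(bool expected, bool actual, string label)
    {
        if (expected != actual) throw new Exception("FAILED: " + label);
        Console.WriteLine("ok: " + label);
    }

    public static void Main()
    {
        var attribute = new DemoRoleAuthorizeAttribute();
        var member = new GenericPrincipal(new GenericIdentity("alice"), new[] { "DemoRole" });
        var outsider = new GenericPrincipal(new GenericIdentity("bob"), new[] { "OtherRole" });
        Expect(true, attribute.Check(ContextFor(member)), "role member is authorized");
        Expect(false, attribute.Check(ContextFor(outsider)), "other role is denied");
        Expect(false, attribute.Check(ContextFor(null)), "missing principal is denied");
    }
}
```

The same harness cannot drive the HttpContext.Current variant, because HttpContext.Current is null when the code runs outside an ASP.NET request.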