none
Web API OData authentication and batch requests RRS feed

  • General discussion

  • Hello,

    We have and OWIN middleware integrated into our web application pipeline which serves the purposes of authentication of OData requests by JWT token. On successful authentication we set the Thread and HttpContext principal to custom Principal object of ours. The problem arises when performing OData batch requests. The sub-requests of batch are executed in separate threads and with no HttpContext associated with it so we loose the authenticate principal in those requests. I guess this is due to the way OData batch requests are executed but our server logic strongly depends on custom Principal. The way we currently work around this is by using a custom ActionFilterAttribute that we apply to ODataControllers:

    public class LoginAttribute : ActionFilterAttribute
    {

    public override void OnActionExecuting(HttpActionContext actionContext)
    {
    if (HttpContext.Current != null && HttpContext.Current.User as CustomPrincipal != null)
    return;

    // TEMPORARY (need more robust solution): pushing batch request principal to a sub-request thread
    if (actionContext.Request.IsBatchRequest() && actionContext.RequestContext.Principal is CustomPrincipal)
    {
    Thread.CurrentPrincipal = actionContext.RequestContext.Principal;
    return;
    }
    }
    }

    This works fine. But we are not sure this is the right way to handle it. Does anybody know what is the recommended solution for the problem described?


    Wednesday, February 25, 2015 4:08 PM

All replies

  • Hi Dmitry Marcautsan,

    According to your description, the issue is related to the ASP.NET Web API, I'd suggest you post here to get better support. 
    Thanks for your understanding.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, February 26, 2015 4:29 AM
    Moderator
  • Thanks Amy, I moved it there. Do I need to delete this thread?
    Thursday, February 26, 2015 7:58 AM
  • Hi Dmitry Marcautsan,

    Yes, it will be better if you can delete this thread.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, February 26, 2015 8:43 AM
    Moderator