locked
POST and query data for current user in WEB API RRS feed

  • Question

  • User-1126599655 posted

    I hope I can't some hints where to begin. I have an mvc 4 web API using EF and SQL database. I have a few API calls that uses specific data either to post, put or GET. 

    1. First GET method retrieves some data based on the current user who authenticates via basic authentication, (How do I retrieve the data based on the current user (principal)?)

    2. Next, I have a POST method to post new object data  which doesn't need to be associated with anything,

    3. Next call, I have a PUT method where I have to query the data posted in step 2 then update it. In short, I take the user name from basic authentication filter then I need find it in the database in the object data from step 2. Please note, in this step the username and password are no longer the same from step 1 and 2, instead the username let say it's 1234567 which is not an user that exist in database but this value exists in one of the fields from data posted in step 2. So, I need to take the current user form basic auth. filter (in this case 1234567) then search in the Customers database table for this string "1234567" and return the record ID where this string is found.  

    data object example posted in step 2.

    {"firstName":"John""lastName":"Doe", "serial":"1234567"}

    Or is there a way to keep the record ID in memory from step 2 so I can re-user the record ID from the last POST record?

    I guess the simple questions are, how do I query a table an return the record ID number and how do I return data when I know the username but I don't know the record ID so I can return only data that belongs to the current user.

    I use built in asp net security to authenticate the first 2 calls via basic authentication, from step 3 I used custom database 

    Thank you in advance.  

    Monday, September 28, 2015 12:14 AM

All replies

  • User-84896714 posted

    Hi iit868,

    How do I retrieve the data based on the current user (principal)?

    Use below code to get the identity name.

    Request.GetRequestContext().Principal.Identity.IsAuthenticated
    Request.GetRequestContext().Principal.Identity.Name

    is there a way to keep the record ID in memory from step 2 so I can re-user the record ID from the last POST record?

    I suggest you return record ID to client and send it to server next time.

    Best Regards,
    Wang Li

    Monday, September 28, 2015 11:11 PM
  • User-1126599655 posted

    Thank you for reply. Here are more details that will explain my problem better (I hope).

    In step 2  I POST an object such as this:

    {
    "boolean": true,
    "name": "MyJSON",
    "number": 123,
    "object": { },
    "string": "Hello World"
    }

    Now in step 3 the basic authentication looks in a custom table for username and the password is the complete json object from step 2. Username is the string "MyJSON" from step 2, so I need to lookup in my custom tablet called "dbo.Test5" for this string name "MyJSON" then return the ID so I can use this ID to update the same record with the following data object: 

    {
    "boolean": true,
    "name": "MyJSON",
    "number": 123,
    "object": {
    "a": "b",
    "c": "d",
    "e": "f"
    },
    "string": "Hello World"
    }

    So in step 3 I find the record in database table "dbo.Test5" where the name is "MyJSON" then I return the ID. This is the part I need help to figure out. 

    This is the authorization header in step 3:

    MyJSON:{"boolean":true,"name":"MyJSON","number":123,"object":{},"string":"Hello World"}

    Authorization: Basic TXlKU09OOnsiYm9vbGVhbiI6dHJ1ZSwibmFtZSI6Ik15SlNPTiIsIm51bWJlciI6MTIzLCJvYmplY3QiOnt9LCJzdHJpbmciOiJIZWxsbyBXb3JsZCJ9

    As you can see the username I use is MyJSON and the password is the whole json object POSTed in step 2. ( I do not use ASP identity for basic authorization so I'm not sure if I can use Thread.CurrentPrincipal.Identity or HttpContext.User.Identity to find the username coming through basic auth in my case MyJSON username)

    Tuesday, September 29, 2015 9:30 AM