设置Thread.CurrentPrincipal异步?

时间:2013-05-14 20:47:28

标签: c# asp.net-web-api async-await

使用ASP.NET WebAPI,在身份验证期间,设置Thread.CurrentPrincipal以便控制器稍后可以使用ApiController.User属性。

如果该身份验证步骤变为异步(以咨询其他系统),则CurrentPrincipal的任何变异都将丢失(当调用者的await恢复同步上下文时)。

这是一个非常简化的示例(在实际代码中,身份验证发生在动作过滤器中):

using System.Diagnostics;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;

public class ExampleAsyncController : System.Web.Http.ApiController
{
    public async Task GetAsync()
    {
        await AuthenticateAsync();

        // The await above saved/restored the current synchronization
        // context, thus undoing the assignment in AuthenticateAsync(). 
        Debug.Assert(User is GenericPrincipal);
    }

    private static async Task AuthenticateAsync()
    {
        // Save the current HttpContext because it's null after await.
        var currentHttpContext = System.Web.HttpContext.Current;

        // Asynchronously determine identity.
        await Task.Delay(1000);
        var identity = new GenericIdentity("<name>");

        var roles = new string[] { };
        Thread.CurrentPrincipal = new GenericPrincipal(identity, roles);
        currentHttpContext.User = Thread.CurrentPrincipal;
    }
}

如何在异步函数中设置Thread.CurrentPrincipal,以便调用者的await在恢复同步上下文时不会丢弃该突变?

1 个答案:

答案 0 :(得分:9)

您还必须设置HttpContext.Current.User。有关详细信息,请参阅this answerthis blog post

更新:还要确保您在.NET 4.5上运行并将UserTaskFriendlySynchronizationContext设置为true