asp.net-web-api


User claim update not effected in ASP.NET Identity?


I need to update the user claim in Web API after the user has logged in,
but after updating the user claim it still returns the previous values.
The code below is used to update the active user group after the user has logged in.

    using System.Security.Claims;
    using System.Web.Http;

    /// <summary>
    /// The class AppUser
    /// </summary>
    public class AppUser : ClaimsPrincipal
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="AppUser"/> class.
        /// </summary>
        /// <param name="principal">The principal.</param>
        public AppUser(ClaimsPrincipal principal)
            : base(principal)
        {
        }

        /// <summary>
        /// Gets the name.
        /// </summary>
        /// <value>
        /// The name.
        /// </value>
        public string Name
        {
            get
            {
                return this.FindFirst(ClaimTypes.Name).Value;
            }
        }

        /// <summary>
        /// Gets the name of the user.
        /// </summary>
        /// <value>
        /// The name of the user.
        /// </value>
        public string UserName
        {
            get
            {
                return this.FindFirst("UserName").Value;
            }
        }

        /// <summary>
        /// Gets the active group.
        /// </summary>
        /// <value>
        /// The active group.
        /// </value>
        public string ActiveGroup
        {
            get
            {
                return ((ClaimsIdentity)this.Identity).FindFirst("ActiveGroup").Value;
            }
        }

        /// <summary>
        /// Gets the email.
        /// </summary>
        /// <value>
        /// The email.
        /// </value>
        public string Email
        {
            get
            {
                return this.FindFirst("Email").Value;
            }
        }
    }

    /// <summary>
    /// The class BaseController
    /// </summary>
    public class BaseController : ApiController
    {
        /// <summary>
        /// Gets the current user.
        /// </summary>
        /// <value>
        /// The current user.
        /// </value>
        public AppUser CurrentUser
        {
            get
            {
                return new AppUser(this.User as ClaimsPrincipal);
            }
        }
    }

    public class AccountController : BaseController
    {
        [HttpPost]
        [Route("UpdateUserGroup")]
        public int UpdateUserGroup(string userGroup)
        {
            // Changes only the in-memory identity of the current request.
            var user = User as ClaimsPrincipal;
            var identity = user.Identity as ClaimsIdentity;
            identity.RemoveClaim(identity.FindFirst("ActiveGroup"));
            identity.AddClaim(new Claim("ActiveGroup", this.GetRoleNameByPresenter(userGroup)));
            return 1;
        }
    }

The problem is that the claims are used in the authentication process and are part of the authentication token/cookie. If you want to remove a claim from the current user then you need to make sure the client gets a new token/cookie.

If you're running, for example, bearer tokens with your API, then you need to generate a new token and return that token to the client from your UpdateUserGroup(). The client then needs to use the new token the next time it makes a request to the API.
