asp.net-web-api


User claim update not effected in ASP.NET Identity?


I need to update the user claim in Web API after the user has logged in.
But after updating the user claim it will still return the previous values.
The code below is used to update the active user group after the user has logged in.

    using System.Security.Claims;
    using System.Web.Http;

    /// <summary>
    /// The class AppUser
    /// </summary>
    public class AppUser : ClaimsPrincipal
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="AppUser"/> class.
        /// </summary>
        /// <param name="principal">The principal.</param>
        public AppUser(ClaimsPrincipal principal)
            : base(principal)
        {
        }

        /// <summary>
        /// Gets the name.
        /// </summary>
        /// <value>
        /// The name.
        /// </value>
        public string Name
        {
            get
            {
                return this.FindFirst(ClaimTypes.Name).Value;
            }
        }

        /// <summary>
        /// Gets the name of the user.
        /// </summary>
        /// <value>
        /// The name of the user.
        /// </value>
        public string UserName
        {
            get
            {
                return this.FindFirst("UserName").Value;
            }
        }

        /// <summary>
        /// Gets the active group.
        /// </summary>
        /// <value>
        /// The active group.
        /// </value>
        public string ActiveGroup
        {
            get
            {
                return ((ClaimsIdentity)this.Identity).FindFirst("ActiveGroup").Value;
            }
        }

        /// <summary>
        /// Gets the email.
        /// </summary>
        /// <value>
        /// The email.
        /// </value>
        public string Email
        {
            get
            {
                return this.FindFirst("Email").Value;
            }
        }
    }

    /// <summary>
    /// The class BaseController
    /// </summary>
    public class BaseController : ApiController
    {
        /// <summary>
        /// Gets the current user.
        /// </summary>
        /// <value>
        /// The current user.
        /// </value>
        public AppUser CurrentUser
        {
            get
            {
                return new AppUser(this.User as ClaimsPrincipal);
            }
        }
    }

    public class AccountController : BaseController
    {
        [HttpPost]
        [Route("UpdateUserGroup")]
        public int UpdateUserGroup(string userGroup)
        {
            var user = User as ClaimsPrincipal;
            var identity = user.Identity as ClaimsIdentity;
            identity.RemoveClaim(identity.FindFirst("ActiveGroup"));
            identity.AddClaim(new Claim("ActiveGroup", this.GetRoleNameByPresenter(userGroup)));
            return 1;
        }
    }

The problem is that the claims are used in the authentication process and are part of the authentication token/cookie. If you want to remove a claim from the current user, then you need to make sure the client gets a new token/cookie.
If you're running, for example, bearer tokens with your API, then you need to generate a new token and return that token to the client from your UpdateUserGroup(). The client then needs to use the new token the next time it makes a request to the API.
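
The token reissue described in the answer, as an added example that is not part of the original question or answer. It assumes the OWIN OAuth bearer middleware and a static `Startup.OAuthOptions` (`OAuthAuthorizationServerOptions`) as in the Visual Studio Web API template; `BaseController` and `GetRoleNameByPresenter` are the asker's own types, defined elsewhere.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin.Security;

public class AccountController : BaseController
{
    [HttpPost]
    [Route("UpdateUserGroup")]
    public IHttpActionResult UpdateUserGroup(string userGroup)
    {
        // The identity on this request was rebuilt from the token the client sent.
        // Mutating it changes nothing the client holds, so build a new identity.
        var current = (ClaimsIdentity)User.Identity;
        var identity = new ClaimsIdentity(
            current.Claims.Where(c => c.Type != "ActiveGroup"),
            current.AuthenticationType,
            current.NameClaimType,
            current.RoleClaimType);

        // GetRoleNameByPresenter is the asker's method. It must resolve only to
        // groups this user actually belongs to, because the returned value ends
        // up in a token that later requests will trust.
        identity.AddClaim(new Claim("ActiveGroup", GetRoleNameByPresenter(userGroup)));

        // Assumption: Startup.OAuthOptions is the options instance that was
        // passed to the OAuth bearer middleware at startup.
        var issued = DateTimeOffset.UtcNow;
        var properties = new AuthenticationProperties
        {
            IssuedUtc = issued,
            ExpiresUtc = issued.Add(Startup.OAuthOptions.AccessTokenExpireTimeSpan)
        };

        // Serialize and protect the new claim set into a fresh bearer token.
        var ticket = new AuthenticationTicket(identity, properties);
        string accessToken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);

        // The client must replace its stored token with this one.
        return Ok(new { access_token = accessToken, token_type = "bearer" });
    }
}
```

The previously issued token still carries the old `ActiveGroup` claim and remains valid until it expires, so keep access token lifetimes short if the group claim drives authorization decisions.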
