asp.net-web-api


User claim update not effected in ASP.NET Identity?


I need to update the user claim in Web API after the user has logged in.
But after updating the user claim, it still returns the previous values.
The code below is used to update the active user group after the user has logged in.
```csharp
using System.Security.Claims;
using System.Web.Http;

/// <summary>
/// The class AppUser
/// </summary>
public class AppUser : ClaimsPrincipal
{
    /// <summary>
    /// Initializes a new instance of the <see cref="AppUser"/> class.
    /// </summary>
    /// <param name="principal">The principal.</param>
    public AppUser(ClaimsPrincipal principal)
        : base(principal)
    {
    }

    /// <summary>
    /// Gets the name.
    /// </summary>
    /// <value>
    /// The name.
    /// </value>
    public string Name
    {
        get
        {
            return this.FindFirst(ClaimTypes.Name).Value;
        }
    }

    /// <summary>
    /// Gets the name of the user.
    /// </summary>
    /// <value>
    /// The name of the user.
    /// </value>
    public string UserName
    {
        get
        {
            return this.FindFirst("UserName").Value;
        }
    }

    /// <summary>
    /// Gets the active group.
    /// </summary>
    /// <value>
    /// The active group.
    /// </value>
    public string ActiveGroup
    {
        get
        {
            return ((ClaimsIdentity)this.Identity).FindFirst("ActiveGroup").Value;
        }
    }

    /// <summary>
    /// Gets the email.
    /// </summary>
    /// <value>
    /// The email.
    /// </value>
    public string Email
    {
        get
        {
            return this.FindFirst("Email").Value;
        }
    }
}

/// <summary>
/// The class BaseController
/// </summary>
public class BaseController : ApiController
{
    /// <summary>
    /// Gets the current user.
    /// </summary>
    /// <value>
    /// The current user.
    /// </value>
    public AppUser CurrentUser
    {
        get
        {
            return new AppUser(this.User as ClaimsPrincipal);
        }
    }
}

public class AccountController : BaseController
{
    [HttpPost]
    [Route("UpdateUserGroup")]
    public int UpdateUserGroup(string userGroup)
    {
        // Swaps the ActiveGroup claim on the identity object of the current request.
        var user = User as ClaimsPrincipal;
        var identity = user.Identity as ClaimsIdentity;
        identity.RemoveClaim(identity.FindFirst("ActiveGroup"));
        identity.AddClaim(new Claim("ActiveGroup", this.GetRoleNameByPresenter(userGroup)));
        return 1;
    }
}
```
The problem is that the claims are used in the authentication process and are part of the authentication token/cookie. If you want to remove a claim from the current user, then you need to make sure the client gets a new token/cookie.
If you're running, for example, bearer tokens with your API, then you need to generate a new token and return that token to the client from your UpdateUserGroup(). The client then needs to use the new token the next time it makes a request to the API.
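
One way to reissue the token as the answer describes, added here as an example and not code from the question or the answer. It assumes the API uses the OWIN OAuth bearer middleware with a static `Startup.OAuthOptions` (as in the Visual Studio Web API template), and that the token carries a `ClaimTypes.Role` claim for every group the user may activate; `GetRoleNameByPresenter` and `BaseController` are the question's own members.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

public class AccountController : BaseController
{
    [HttpPost]
    [Route("UpdateUserGroup")]
    public IHttpActionResult UpdateUserGroup(string userGroup)
    {
        var current = (ClaimsIdentity)User.Identity;
        // Helper from the question (not shown on the page).
        string newGroup = this.GetRoleNameByPresenter(userGroup);

        // Authorize the switch server-side before minting a token.
        // Assumption: membership is expressed as role claims on the token.
        if (!current.HasClaim(ClaimTypes.Role, newGroup))
            return StatusCode(HttpStatusCode.Forbidden);

        // Copy every claim except the stale ActiveGroup, then add the new one.
        var identity = new ClaimsIdentity(
            current.Claims.Where(c => c.Type != "ActiveGroup"),
            OAuthDefaults.AuthenticationType);
        identity.AddClaim(new Claim("ActiveGroup", newGroup));

        // Assumption: static options object from the project template.
        OAuthAuthorizationServerOptions options = Startup.OAuthOptions;
        DateTimeOffset now = DateTimeOffset.UtcNow;
        var properties = new AuthenticationProperties
        {
            IssuedUtc = now,
            ExpiresUtc = now.Add(options.AccessTokenExpireTimeSpan)
        };

        // Protect() serializes and encrypts the ticket into the bearer token string.
        string token = options.AccessTokenFormat.Protect(
            new AuthenticationTicket(identity, properties));

        return Ok(new
        {
            access_token = token,
            token_type = "bearer",
            expires_in = (int)options.AccessTokenExpireTimeSpan.TotalSeconds
        });
    }
}
```

The previously issued token is self-contained and stays valid, with the old ActiveGroup claim, until it expires. Keep access token lifetimes short if a group switch must take effect quickly.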
