asp.net-web-api


User claim update not effected in ASP.NET Identity?


I need to update the user claim in Web API after the user has logged in.
But after updating the user claim, it still returns the previous values.
The code below is used to update the active user group after the user has logged in.

using System.Security.Claims;
using System.Web.Http;

/// <summary>
/// The class AppUser
/// </summary>
public class AppUser : ClaimsPrincipal
{
    /// <summary>
    /// Initializes a new instance of the <see cref="AppUser"/> class.
    /// </summary>
    /// <param name="principal">The principal.</param>
    public AppUser(ClaimsPrincipal principal)
        : base(principal)
    {
    }

    /// <summary>
    /// Gets the name.
    /// </summary>
    /// <value>
    /// The name.
    /// </value>
    public string Name
    {
        get
        {
            return this.FindFirst(ClaimTypes.Name).Value;
        }
    }

    /// <summary>
    /// Gets the name of the user.
    /// </summary>
    /// <value>
    /// The name of the user.
    /// </value>
    public string UserName
    {
        get
        {
            return this.FindFirst("UserName").Value;
        }
    }

    /// <summary>
    /// Gets the active group.
    /// </summary>
    /// <value>
    /// The active group.
    /// </value>
    public string ActiveGroup
    {
        get
        {
            return ((ClaimsIdentity)this.Identity).FindFirst("ActiveGroup").Value;
        }
    }

    /// <summary>
    /// Gets the email.
    /// </summary>
    /// <value>
    /// The email.
    /// </value>
    public string Email
    {
        get
        {
            return this.FindFirst("Email").Value;
        }
    }
}

/// <summary>
/// The class BaseController
/// </summary>
public class BaseController : ApiController
{
    /// <summary>
    /// Gets the current user.
    /// </summary>
    /// <value>
    /// The current user.
    /// </value>
    public AppUser CurrentUser
    {
        get
        {
            return new AppUser(this.User as ClaimsPrincipal);
        }
    }
}

public class AccountController : BaseController
{
    [HttpPost]
    [Route("UpdateUserGroup")]
    public int UpdateUserGroup(string userGroup)
    {
        // Changes only the in-memory identity of the current request.
        var user = User as ClaimsPrincipal;
        var identity = user.Identity as ClaimsIdentity;
        identity.RemoveClaim(identity.FindFirst("ActiveGroup"));
        identity.AddClaim(new Claim("ActiveGroup", this.GetRoleNameByPresenter(userGroup)));
        return 1;
    }
}

The problem is that the claims are used in the authentication process and are part of the authentication token/cookie. If you want to remove a claim from the current user, then you need to make sure the client gets a new token/cookie.
If you're running, for example, bearer tokens with your API, then you need to generate a new token and return that token to the client from your UpdateUserGroup(). The client then needs to use the new token the next time it makes a request to the API.
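
One way to reissue the token as the answer describes, shown as an added example that is not part of the original question or answer. It assumes bearer tokens issued by the OWIN OAuth authorization server, a static `Startup.OAuthOptions` property as in the standard Web API 2 project template, and a hypothetical `MemberOfGroup` claim added at login that lists the groups the user may switch to; the question's `GetRoleNameByPresenter` mapping is left out.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin.Security;

public class GroupSwitchController : ApiController
{
    [Authorize]
    [HttpPost]
    [Route("UpdateUserGroup")]
    public IHttpActionResult UpdateUserGroup(string userGroup)
    {
        var current = (ClaimsIdentity)User.Identity;

        // userGroup is client-supplied: accept it only if the token already
        // proves membership ("MemberOfGroup" is an assumed claim type).
        if (!current.HasClaim("MemberOfGroup", userGroup))
            return StatusCode(HttpStatusCode.Forbidden);

        // Copy every claim except the old ActiveGroup, then add the new one.
        var claims = current.Claims.Where(c => c.Type != "ActiveGroup").ToList();
        claims.Add(new Claim("ActiveGroup", userGroup));
        var identity = new ClaimsIdentity(claims, current.AuthenticationType,
                                          current.NameClaimType, current.RoleClaimType);

        // Wrap the identity in a new ticket; this starts a fresh token lifetime.
        var now = DateTimeOffset.UtcNow;
        var ticket = new AuthenticationTicket(identity, new AuthenticationProperties
        {
            IssuedUtc = now,
            ExpiresUtc = now.Add(Startup.OAuthOptions.AccessTokenExpireTimeSpan)
        });

        // Protect it with the same format the bearer middleware unprotects.
        // Startup.OAuthOptions is an assumption taken from the project template.
        string accessToken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);

        return Ok(new { access_token = accessToken, token_type = "bearer" });
    }
}
```

The previously issued token still carries the old `ActiveGroup` and remains valid until it expires, so the client has to replace it with the returned one.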
