User claim update not effected in ASP.NET Identity?


I need to update the user claim in Web API after the user has logged in.
But after updating the user claim, it still returns the previous values.
The code below is used to update the active user group after the user has logged in.

    using System.Security.Claims;
    using System.Web.Http;

    /// <summary>
    /// The class AppUser
    /// </summary>
    public class AppUser : ClaimsPrincipal
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="AppUser"/> class.
        /// </summary>
        /// <param name="principal">The principal.</param>
        public AppUser(ClaimsPrincipal principal)
            : base(principal)
        {
        }

        /// <summary>
        /// Gets the name.
        /// </summary>
        /// <value>
        /// The name.
        /// </value>
        public string Name
        {
            get
            {
                return this.FindFirst(ClaimTypes.Name).Value;
            }
        }

        /// <summary>
        /// Gets the name of the user.
        /// </summary>
        /// <value>
        /// The name of the user.
        /// </value>
        public string UserName
        {
            get
            {
                return this.FindFirst("UserName").Value;
            }
        }

        /// <summary>
        /// Gets the active group.
        /// </summary>
        /// <value>
        /// The active group.
        /// </value>
        public string ActiveGroup
        {
            get
            {
                return ((ClaimsIdentity)this.Identity).FindFirst("ActiveGroup").Value;
            }
        }

        /// <summary>
        /// Gets the email.
        /// </summary>
        /// <value>
        /// The email.
        /// </value>
        public string Email
        {
            get
            {
                return this.FindFirst("Email").Value;
            }
        }
    }

    /// <summary>
    /// The class BaseController
    /// </summary>
    public class BaseController : ApiController
    {
        /// <summary>
        /// Gets the current user.
        /// </summary>
        /// <value>
        /// The current user.
        /// </value>
        public AppUser CurrentUser
        {
            get
            {
                return new AppUser(this.User as ClaimsPrincipal);
            }
        }
    }

    public class AccountController : BaseController
    {
        [HttpPost]
        [Route("UpdateUserGroup")]
        public int UpdateUserGroup(string userGroup)
        {
            // This changes only the in-memory identity of the current request;
            // the token/cookie held by the client is not modified.
            var user = User as ClaimsPrincipal;
            var identity = user.Identity as ClaimsIdentity;
            identity.RemoveClaim(identity.FindFirst("ActiveGroup"));
            identity.AddClaim(new Claim("ActiveGroup", this.GetRoleNameByPresenter(userGroup)));
            return 1;
        }
    }

The problem is that the claims are used in the authentication process and are part of the authentication token/cookie. If you want to remove a claim from the current user, then you need to make sure the client gets a new token/cookie.
If you're running, for example, bearer tokens with your API, then you need to generate a new token and return that token to the client from your UpdateUserGroup(). The client then needs to use the new token the next time it makes a request to the API.
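
The bearer-token case from the answer, as an added example that is not part of the original question or answer: `UpdateUserGroup` builds a new identity, signs it into a fresh access token and returns it. It assumes the OWIN OAuth middleware with a static `Startup.OAuthOptions` property (as in the Web API 2 project template), the page's own `BaseController` and `GetRoleNameByPresenter`, and a hypothetical `UserIsInGroup` membership check.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin.Security;

public class AccountController : BaseController
{
    [HttpPost]
    [Route("UpdateUserGroup")]
    public IHttpActionResult UpdateUserGroup(string userGroup)
    {
        var options = Startup.OAuthOptions; // assumed: static property from the template
        var current = (ClaimsIdentity)User.Identity;

        // userGroup is client input: confirm membership server-side before
        // signing it into a token. UserIsInGroup is a hypothetical helper.
        string role = GetRoleNameByPresenter(userGroup);
        if (role == null || !UserIsInGroup(current.Name, role))
            return StatusCode(HttpStatusCode.Forbidden);

        // Build a fresh identity: every existing claim except the old
        // ActiveGroup, plus the new one. The request's identity is untouched.
        var claims = current.Claims
            .Where(c => c.Type != "ActiveGroup")
            .Concat(new[] { new Claim("ActiveGroup", role) });
        var updated = new ClaimsIdentity(
            claims, options.AuthenticationType,
            current.NameClaimType, current.RoleClaimType);

        // Sign a new ticket with the same data format the OAuth middleware uses.
        var now = DateTimeOffset.UtcNow;
        var ticket = new AuthenticationTicket(updated, new AuthenticationProperties
        {
            IssuedUtc = now,
            ExpiresUtc = now.Add(options.AccessTokenExpireTimeSpan)
        });
        string token = options.AccessTokenFormat.Protect(ticket);

        // The client must replace its stored token with this one.
        return Ok(new
        {
            access_token = token,
            token_type = "bearer",
            expires_in = (int)options.AccessTokenExpireTimeSpan.TotalSeconds
        });
    }
}
```

The token issued earlier still carries the old `ActiveGroup` value and stays valid until it expires, so keep access-token lifetimes short if a group change has to take effect quickly.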
