User claim update not effected in ASP.NET Identity?


I need to update the user claim in Web API after the user has logged in.
But after updating the user claim, it still returns the previous values.
The code below is used to update the active user group after the user has logged in.

    using System.Security.Claims;
    using System.Web.Http;

    /// <summary>
    /// The class AppUser
    /// </summary>
    public class AppUser : ClaimsPrincipal
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="AppUser"/> class.
        /// </summary>
        /// <param name="principal">The principal.</param>
        public AppUser(ClaimsPrincipal principal)
            : base(principal)
        {
        }

        /// <summary>
        /// Gets the name.
        /// </summary>
        /// <value>
        /// The name.
        /// </value>
        public string Name
        {
            get
            {
                return this.FindFirst(ClaimTypes.Name).Value;
            }
        }

        /// <summary>
        /// Gets the name of the user.
        /// </summary>
        /// <value>
        /// The name of the user.
        /// </value>
        public string UserName
        {
            get
            {
                return this.FindFirst("UserName").Value;
            }
        }

        /// <summary>
        /// Gets the active group.
        /// </summary>
        /// <value>
        /// The active group.
        /// </value>
        public string ActiveGroup
        {
            get
            {
                return ((ClaimsIdentity)this.Identity).FindFirst("ActiveGroup").Value;
            }
        }

        /// <summary>
        /// Gets the email.
        /// </summary>
        /// <value>
        /// The email.
        /// </value>
        public string Email
        {
            get
            {
                return this.FindFirst("Email").Value;
            }
        }
    }

    /// <summary>
    /// The class BaseController
    /// </summary>
    public class BaseController : ApiController
    {
        /// <summary>
        /// Gets the current user.
        /// </summary>
        /// <value>
        /// The current user.
        /// </value>
        public AppUser CurrentUser
        {
            get
            {
                return new AppUser(this.User as ClaimsPrincipal);
            }
        }
    }

    public class AccountController : BaseController
    {
        [HttpPost]
        [Route("UpdateUserGroup")]
        public int UpdateUserGroup(string userGroup)
        {
            // Mutates only the in-memory principal of this request;
            // the token/cookie held by the client is unchanged.
            var user = User as ClaimsPrincipal;
            var identity = user.Identity as ClaimsIdentity;
            identity.RemoveClaim(identity.FindFirst("ActiveGroup"));
            identity.AddClaim(new Claim("ActiveGroup", this.GetRoleNameByPresenter(userGroup)));
            return 1;
        }
    }

The problem is that the claims are used in the authentication process and are part of the authentication token/cookie. If you want to remove a claim from the current user, then you need to make sure the client gets a new token/cookie.
If you're running, for example, bearer tokens with your API, then you need to generate a new token and return that token to the client from your UpdateUserGroup(). The client then needs to use the new token the next time it makes a request to the API.
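
One way to reissue the bearer token as the answer describes, shown as an added example (not code from the question or the answer). It assumes the Web API 2 OWIN template, where `Startup.OAuthOptions` is the static `OAuthAuthorizationServerOptions` instance passed to `UseOAuthBearerTokens`; `IsUserInGroup` is a hypothetical membership lookup, and `GetRoleNameByPresenter` is the poster's helper, which the page does not show.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin.Security;

public class AccountController : BaseController
{
    [HttpPost]
    [Route("UpdateUserGroup")]
    public IHttpActionResult UpdateUserGroup(string userGroup)
    {
        var current = (ClaimsIdentity)User.Identity;

        // Hypothetical helper (assumption): confirm server-side that the caller
        // belongs to the requested group before it becomes a signed claim.
        if (!IsUserInGroup(current.Name, userGroup))
        {
            return StatusCode(HttpStatusCode.Forbidden);
        }

        // Build a fresh identity from the validated claims, replacing ActiveGroup.
        var identity = new ClaimsIdentity(
            current.Claims.Where(c => c.Type != "ActiveGroup"),
            Startup.OAuthOptions.AuthenticationType);
        identity.AddClaim(new Claim("ActiveGroup", GetRoleNameByPresenter(userGroup)));

        // Same lifetime policy as tokens issued by the /Token endpoint.
        var now = DateTimeOffset.UtcNow;
        var properties = new AuthenticationProperties
        {
            IssuedUtc = now,
            ExpiresUtc = now.Add(Startup.OAuthOptions.AccessTokenExpireTimeSpan)
        };

        // Protect() serializes and protects the ticket exactly as the
        // authorization server middleware does, so the bearer middleware accepts it.
        var ticket = new AuthenticationTicket(identity, properties);
        string accessToken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);

        // The client must replace its stored token with this one.
        return Ok(new { access_token = accessToken, token_type = "bearer" });
    }
}
```

The previously issued token stays valid, with the old `ActiveGroup` value, until it expires, so authorization decisions that depend on the group should not assume the old token is gone.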
