asp.net-web-api


User claim update not effected in ASP.NET Identity?


I need to update the user claim in Web API after the user has logged in,
but after updating the user claim it still returns the previous values.
The code below is used to update the active user group after the user has logged in.

    using System.Security.Claims;
    using System.Web.Http;

    /// <summary>
    /// The class AppUser
    /// </summary>
    public class AppUser : ClaimsPrincipal
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="AppUser"/> class.
        /// </summary>
        /// <param name="principal">The principal.</param>
        public AppUser(ClaimsPrincipal principal)
            : base(principal)
        {
        }

        /// <summary>
        /// Gets the name.
        /// </summary>
        /// <value>
        /// The name.
        /// </value>
        public string Name
        {
            get
            {
                return this.FindFirst(ClaimTypes.Name).Value;
            }
        }

        /// <summary>
        /// Gets the name of the user.
        /// </summary>
        /// <value>
        /// The name of the user.
        /// </value>
        public string UserName
        {
            get
            {
                return this.FindFirst("UserName").Value;
            }
        }

        /// <summary>
        /// Gets the active group.
        /// </summary>
        /// <value>
        /// The active group.
        /// </value>
        public string ActiveGroup
        {
            get
            {
                return ((ClaimsIdentity)this.Identity).FindFirst("ActiveGroup").Value;
            }
        }

        /// <summary>
        /// Gets the email.
        /// </summary>
        /// <value>
        /// The email.
        /// </value>
        public string Email
        {
            get
            {
                return this.FindFirst("Email").Value;
            }
        }
    }

    /// <summary>
    /// The class BaseController
    /// </summary>
    public class BaseController : ApiController
    {
        /// <summary>
        /// Gets the current user.
        /// </summary>
        /// <value>
        /// The current user.
        /// </value>
        public AppUser CurrentUser
        {
            get
            {
                return new AppUser(this.User as ClaimsPrincipal);
            }
        }
    }

    public class AccountController : BaseController
    {
        [HttpPost]
        [Route("UpdateUserGroup")]
        public int UpdateUserGroup(string userGroup)
        {
            // Changes only the identity object built for this request.
            var user = User as ClaimsPrincipal;
            var identity = user.Identity as ClaimsIdentity;
            identity.RemoveClaim(identity.FindFirst("ActiveGroup"));
            identity.AddClaim(new Claim("ActiveGroup", this.GetRoleNameByPresenter(userGroup)));
            return 1;
        }
    }

The problem is that the claims are used in the authentication process and are part of the authentication token/cookie. If you want to remove a claim from the current user then you need to make sure the client gets a new token/cookie.
If you're running, for example, bearer tokens with your API then you need to generate a new token and return that token to the client from your UpdateUserGroup(). The client then needs to use the new token the next time it makes a request to the API.
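
One way to reissue the token as the answer describes, written as an added example that is not code from the question or the answer. It assumes the OWIN OAuth bearer middleware (Microsoft.Owin.Security.OAuth) and a static `Startup.OAuthOptions` property as in the Visual Studio Web API 2 template; `GetRoleNameByPresenter` is the question's own helper and is assumed to return null for a group the caller may not hold.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

public class AccountController : BaseController
{
    [HttpPost]
    [Route("UpdateUserGroup")]
    public IHttpActionResult UpdateUserGroup(string userGroup)
    {
        var current = (ClaimsIdentity)User.Identity;

        // Resolve the requested group on the server; never copy the raw
        // client-supplied value into a claim. (Assumed: null means "not allowed".)
        string group = this.GetRoleNameByPresenter(userGroup);
        if (string.IsNullOrEmpty(group))
            return BadRequest("Unknown or unauthorized group.");

        // Build a new identity from the existing claims, replacing ActiveGroup.
        var claims = current.Claims.Where(c => c.Type != "ActiveGroup").ToList();
        claims.Add(new Claim("ActiveGroup", group));
        var identity = new ClaimsIdentity(claims, OAuthDefaults.AuthenticationType,
                                          current.NameClaimType, current.RoleClaimType);

        // Assumed: Startup.OAuthOptions is the options instance passed to the
        // OAuth middleware at startup, so AccessTokenFormat is already set.
        OAuthAuthorizationServerOptions options = Startup.OAuthOptions;
        DateTimeOffset now = DateTimeOffset.UtcNow;
        var ticket = new AuthenticationTicket(identity, new AuthenticationProperties
        {
            IssuedUtc = now,
            ExpiresUtc = now.Add(options.AccessTokenExpireTimeSpan)
        });

        // Serialize and protect the ticket: this string is the new bearer token.
        string accessToken = options.AccessTokenFormat.Protect(ticket);

        return Ok(new
        {
            access_token = accessToken,
            token_type = "bearer",
            expires_in = (int)options.AccessTokenExpireTimeSpan.TotalSeconds
        });
    }
}
```

The token issued earlier still carries the old ActiveGroup claim and stays valid until it expires, so keep the access-token lifetime short if group changes must take effect quickly.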
