3

I am using Basic Auth with SSL to secure my API using ASP.NET WebAPI. I do not want to use cookies or session variables but I need to have some credentials available and accessible during the lifetime of the request.

I have a RoleProvider and an access ActionFilter as well as a call to my repository that will all need access to this data.

How can I do this?

Slee
  • 27,498
  • 52
  • 145
  • 243

1 Answers1

0

Is there a reason you can't put them into the Request context?

HttpContext.Current.Items.Add("credentials", CredentialObject);

EDIT: Don't use my suggestion above. See the link in the comments for a better, testable answer.

smlync
  • 369
  • 9
  • 15
  • 1
    Using HttpContext with WebApi is considered bad practice. Its difficult to unit test and limits you to running your WebApi application on IIS only. – Josh Noe Mar 05 '13 at 18:17
  • 1
    @JoshNoe May I ask what you would recommend to be used instead ? – david.barkhuizen Sep 22 '16 at 13:42
  • 1
    @david.barkhuizen: http://stackoverflow.com/questions/10563188/carrying-per-request-context-using-the-httprequestmessage-properties – Josh Noe Sep 22 '16 at 14:46