0

I have set the config section to

 <authentication mode="Forms"/>

in both the api project and the client project.

I am able to access HttpContext.Current.User.Identity.Name from the client project but not the api

HttpContext.Current.User.Identity.IsAuthenticated is false when called from API but not from client project

I have no issues accessing HttpContext.Current.Session from web api project

Am I missing something?

user1809104
  • 707
  • 2
  • 8
  • 26
  • 2
    Can't see your code so this is a shot in the dark but maybe your api project does not have access to the session of your client project. I believe user info is stored in session so that could cause this. If this is the case take a look at this: http://stackoverflow.com/questions/9594229/accessing-session-using-asp-net-web-api – Aaron Dec 08 '14 at 21:57
  • As I understood it the built in forms authentication uses cookies and not "Session" is this correct? – user1809104 Dec 08 '14 at 22:02
  • Are you authenticated ? – alexo Dec 08 '14 at 22:05
  • I have no issues accessing HttpContext.Current.Session from web api project – user1809104 Dec 08 '14 at 22:05
  • I am authenticated yes. When I log out I am unable to access any other page other than the login page - which is correct – user1809104 Dec 08 '14 at 22:06
  • HttpContext.Current.User.Identity.IsAuthenticated is false when called from API but not from client project – user1809104 Dec 08 '14 at 22:15
  • well there is your problem then, that should be `True` because its using the `Claim` Identity provider and it gets the `Name` from the claim, but since you are not authenticated, there are no claims from which to query that information. there might be a problem with your login i believe – alexo Dec 08 '14 at 22:20
  • alexo - That was unhelpful – user1809104 Dec 08 '14 at 22:26

1 Answers1

0

Gleaning from this article: http://dotnetspeak.com/2014/02/leveraging-forms-authentication-in-web-api

It is a bad idea to use HttpContext.Current.User in a web api because it ties the API to the asp.net site - it means the api can't be used by anything other than the current browser based application. It looks like there is some further config involved in sharing forms authentication with the api. Even if it were possible I'll try find another way of retrieving the current user and passing data (the id) to the API from the client as apposed to getting the current user from within the API.

user1809104
  • 707
  • 2
  • 8
  • 26