9

What is the difference between the following two ways of accessing the principal via an AuthorizeAttribute implementation?

Using HttpContext:

```csharp
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    return HttpContext.Current.User.IsInRole("DemoRole");
}
```

Using HttpActionContext:

```csharp
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    return actionContext.RequestContext.Principal.IsInRole("DemoRole");
}
```

Dave New
  • `HttpContext`, as documented, encapsulates all HTTP-specific information about an individual HTTP request, whereas `HttpActionContext` is only applicable inside the Action. – Isham Mohamed Nov 10 '17 at 06:18

1 Answer

4

They are the same, which you can prove by including this line in the method:

```csharp
Debug.Assert(actionContext.RequestContext.Principal == HttpContext.Current.User);
```

I would personally use the actionContext, since using HttpContext.Current creates a dependency, and makes it harder to e.g. unit test.

Christian Davén
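
The testability point from the answer above, as an added example that is not part of the original post: the `actionContext` form of the role check can be exercised with a constructed principal and no HTTP pipeline, including the fail-closed case where no principal is attached. The names `DemoRoleAuthorizeAttribute`, `IsAuthorizedForTest` and `DemoRoleAuthorizeAttributeChecks` are hypothetical, and the null check is an addition to the question's code.

```csharp
using System;
using System.Security.Principal;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute name; the role check is the one from the question.
public class DemoRoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        IPrincipal principal = actionContext.RequestContext.Principal;
        // Added here: fail closed when no principal was attached to the request.
        return principal != null && principal.IsInRole("DemoRole");
    }

    // Test hook added for this example: exposes the protected check.
    public bool IsAuthorizedForTest(HttpActionContext actionContext)
    {
        return IsAuthorized(actionContext);
    }
}

public static class DemoRoleAuthorizeAttributeChecks
{
    // Builds an action context around a constructed principal.
    private static HttpActionContext ContextFor(IPrincipal principal)
    {
        var controllerContext = new HttpControllerContext
        {
            RequestContext = new HttpRequestContext { Principal = principal }
        };
        return new HttpActionContext { ControllerContext = controllerContext };
    }

    private static void Expect(bool expected, bool actual, string caseName)
    {
        if (expected != actual) throw new InvalidOperationException("Failed: " + caseName);
    }

    public static void Main()
    {
        var attribute = new DemoRoleAuthorizeAttribute();
        var identity = new GenericIdentity("alice"); // constructed sample user

        Expect(true, attribute.IsAuthorizedForTest(ContextFor(new GenericPrincipal(identity, new[] { "DemoRole" }))), "role present");
        Expect(false, attribute.IsAuthorizedForTest(ContextFor(new GenericPrincipal(identity, new[] { "OtherRole" }))), "role absent");
        Expect(false, attribute.IsAuthorizedForTest(ContextFor(null)), "no principal");
    }
}
```

The `HttpContext.Current` form cannot be driven this way, because `HttpContext.Current` is null when no ASP.NET request is in flight.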