0

I'm currently looking to secure my ASP.NET Web API service using windows authentication. In terms of configuration, this is quite simple, and is explained here. Then, in order to secure your API, you place [Authorize] attributes on your controllers or actions.

However, if I wanted to check if a user was authenticated in a custom message handler prior to the request being routed, how would I do that? How do you pull the Windows identity out of the HTTP request and then check the active directory to see if the user is authenticated (essentially, how do you manually do whatever the [Authorize] attribute is doing)?

Andrew
  • 893
  • 12
  • 28
  • 1
    You can use `User.Identity.GetUserID()` to get the current user. Maybe this will help: http://stackoverflow.com/questions/18448637/how-to-get-current-user-and-how-to-use-user-class-in-mvc5 – Nick.Mc Nov 02 '16 at 02:51
  • Going off what the top answer says in that link, that code snippet you posted can only be used when coding within a Controller. Because I'm talking about a message handler, that would be well before you get routed to a Controller. However, the top answer mentioned an alternative `HttpContext.Current.User.Identity` which I think might just work as that information can be accessed anywhere! Thanks for your answer! – Andrew Nov 02 '16 at 03:39
  • Excellent, and now I know what a message handler is - we both win – Nick.Mc Nov 02 '16 at 04:20

0 Answers0