WCF Web API and Csla.ApplicationContextUser

WCF Web API and Csla.ApplicationContextUser

Old forum URL: forums.lhotka.net/forums/t/11151.aspx


mattruma posted on Monday, February 13, 2012

I am in the process of creating a RESTful service layer leveraging the WCF Web API and I just need some clarification and/or confirmation that the Csla.ApplicationContextUser will not change during the method call.

An example of one of my methods looks like:

       [WebInvoke(UriTemplate = "workspace?token={token}", Method = "PUT")]
        public HttpResponseMessage<WorkspaceEditData> UpdateWorkspace(string token, WorkspaceEditData data)
        {
            AuthenticationHelper.ValidateToken(token);

            AuthenticationHelper.Login(token);

            var workspaceEdit = WorkspaceEdit.FetchWorkspaceEdit(data.WorkspaceId);

            workspaceEdit.Description = data.Description;
            workspaceEdit.Name = data.Name;

            if (workspaceEdit.IsValid)
            {
                workspaceEdit = workspaceEdit.Save();
            }

            var workspaceData = new WorkspaceEditData(workspaceEdit);

            AuthenticationHelper.Logout();

            return new HttpResponseMessage<WorkspaceEditData>(workspaceData);
        }

Will the user that is logged in via my method that does a LoadPrincipal based on the token/username ... be the same throughout the method call?

RockfordLhotka replied on Monday, February 13, 2012

Once the User property is set it won't change unless your code changes it.

On a web server, the User property value is actually stored in HttpContext, and ASP.NET manages the context object to ensure it is consistent throughout the life of the web request.

RockfordLhotka replied on Monday, February 13, 2012

I should say, however, that WCF does have its own pipeline. In the Using CSLA 3.0 ebook I have a chapter discussing some of the deeper behaviors that occur if you get fully into the WCF authentication process.

Your code doesn't appear to be running inside their authn process though - it appears to be running in the service implementation. Once your method has been invoked all the complex/nasty stuff has already occurred :)

mattruma replied on Monday, February 13, 2012

Thanks Rocky! Appreciate the feedback!

Copyright (c) Marimer LLC