I am in the process of creating a RESTful service layer leveraging the WCF Web API and I just need some clarification and/or confirmation that the Csla.ApplicationContextUser will not change during the method call.
An example of one of my methods looks like:
[WebInvoke(UriTemplate = "workspace?token={token}", Method = "PUT")]
public HttpResponseMessage<WorkspaceEditData> UpdateWorkspace(string token, WorkspaceEditData data)
{
AuthenticationHelper.ValidateToken(token);
AuthenticationHelper.Login(token);
var workspaceEdit = WorkspaceEdit.FetchWorkspaceEdit(data.WorkspaceId);
workspaceEdit.Description = data.Description;
workspaceEdit.Name = data.Name;
if (workspaceEdit.IsValid)
{
workspaceEdit = workspaceEdit.Save();
}
var workspaceData = new WorkspaceEditData(workspaceEdit);
AuthenticationHelper.Logout();
return new HttpResponseMessage<WorkspaceEditData>(workspaceData);
}
Will the user that is logged in via my method that does a LoadPrincipal based on the token/username ... be the same throughout the method call?
Once the User property is set it won't change unless your code changes it.
On a web server, the User property value is actually stored in HttpContext, and ASP.NET manages the context object to ensure it is consistent throughout the life of the web request.
I should say, however, that WCF does have its own pipeline. In the Using CSLA 3.0 ebook I have a chapter discussing some of the deeper behaviors that occur if you get fully into the WCF authentication process.
Your code doesn't appear to be running inside their authn process though - it appears to be running in the service implementation. Once your method has been invoked all the complex/nasty stuff has already occurred :)
Thanks Rocky! Appreciate the feedback!
Copyright (c) Marimer LLC