Older CSLA with asp.net web api - authentication, what am I doing wrong?

Old forum URL: forums.lhotka.net/forums/t/12724.aspx

JCardina posted on Monday, August 18, 2014

Can anyone save some of my hair? :)

I'm trying to create an ASP.NET Web API interface for an older CSLA project. I am testing by hard-coding the login on every request in various ways (once in the startup code, as an authorization request filter, inside the individual route request, etc.). All the ways I tried work exactly once perfectly and then I get the infamous:

'Default principal object cannot be set twice.'

exception in BusinessPrincipal.vb (yeah I know it's very old, but it's released software, I can't upgrade CSLA)

I know that there is an issue where you need to set HttpContext.Current.User = Thread.CurrentPrincipal; due to some internal workings of the Web API, and I do that already, but that has not resolved the issue.

I'd like to know if anyone has implemented a Web API front end and how they handled this issue, or any pointers as to what could be the solution.

JCardina replied on Wednesday, August 20, 2014

I'm going to answer my own question here in the hopes it will help someone else in future. My problems revolved around two things. First, I was using the Visual Studio web server and it seems to go snakey on a regular basis; I highly recommend people not use it for this kind of thing but rather use IIS instead.

Secondly, and the initial source of my problem, was a line of code in the BusinessPrincipal.vb constructor, which has the following block of code:


               If Not TypeOf OldPrincipal Is BusinessPrincipal  Then


                End If


                ' failed, but we don't care because there's nothing

                ' we can do in this case

            End Try


This was causing the exception. I added an alternative to initialize the business object library and pass in a parameter that bypasses that line of code and it works perfectly.
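
An added example, not part of the original posts and not CSLA code: the message quoted in the thread is the one the .NET Framework raises when AppDomain.SetThreadPrincipal is called a second time in the same AppDomain, whereas Thread.CurrentPrincipal can be assigned on every request. The console program below shows both behaviours; MakePrincipal, TrySetDefault, HandleRequest and the user names are hypothetical, and it assumes the .NET Framework running in full trust.

```vb
Imports System
Imports System.Security.Policy
Imports System.Security.Principal
Imports System.Threading

Module PrincipalDemo

    ' Hypothetical helper: builds a principal for a constructed user name.
    Function MakePrincipal(name As String) As IPrincipal
        Return New GenericPrincipal(New GenericIdentity(name), New String() {"User"})
    End Function

    ' AppDomain-wide default principal: it can be set once per AppDomain.
    ' A second call throws PolicyException, so this cannot carry a
    ' per-request login in a web host that serves many users.
    Function TrySetDefault(p As IPrincipal) As Boolean
        Try
            AppDomain.CurrentDomain.SetThreadPrincipal(p)
            Return True
        Catch ex As PolicyException
            Console.WriteLine("SetThreadPrincipal failed: " & ex.Message)
            Return False
        End Try
    End Function

    ' Per-request pattern: assign the principal to the current thread only,
    ' and restore the previous one so a reused pool thread does not carry
    ' one caller's identity into the next request.
    Function HandleRequest(userName As String) As String
        Dim previous As IPrincipal = Thread.CurrentPrincipal
        Try
            Thread.CurrentPrincipal = MakePrincipal(userName)
            ' Under ASP.NET, also set HttpContext.Current.User to the same
            ' object, as the original question describes.
            Return Thread.CurrentPrincipal.Identity.Name
        Finally
            Thread.CurrentPrincipal = previous
        End Try
    End Function

    Sub Main()
        Console.WriteLine("first default set:  " & TrySetDefault(MakePrincipal("alice")))
        Console.WriteLine("second default set: " & TrySetDefault(MakePrincipal("bob")))
        Console.WriteLine("request 1 runs as:  " & HandleRequest("alice"))
        Console.WriteLine("request 2 runs as:  " & HandleRequest("bob"))
    End Sub

End Module
```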

Copyright (c) Marimer LLC