- ASP.NET Web API Security Essentials
- Rajesh Gunasundaram
- 64字
- 2025-02-26 10:41:22
Setting the principal
If the application has the custom authentication logic implemented, then we must set the principal in two places:
Thread.CurrentPrincipal
is the standard way to set the thread's principal in .NET.HttpContext.Current.User
is specific to ASP.NET.
The following code shows setting up the principal:
private void SetPrincipal(IPrincipal principal) { Thread.CurrentPrincipal = principal; if (HttpContext.Current != null) { HttpContext.Current.User = principal; } }