一个关于CurrentPrincipal的问题。
0
悬赏园豆:50
[已解决问题]
解决于 2017-05-18 12:21
((FengSharp.OneCardAccess.Infrastructure.AuthPrincipal)(System.Threading.Thread.CurrentPrincipal)).Ticket,我监视器总监视了这个值,这个值应该是个静态变量吧,但当我按下F11的时候也就是从图1到图2,奇迹的发现了这个值居然变了。我也曾想是因为多线程,可我并没有使用多线程,而且监视器前后线程id是一样的。我竟无盐以对。还请各位大神指点一下。
上图为图1
上图为图2
附AuthPrincipal 的源码:
public class AuthPrincipal : IPrincipal
{
public string Ticket = null;
public IIdentity Identity
{
get;
private set;
}
public bool IsInRole(string role)
{
throw new Exception("未实现");
}
public AuthPrincipal(IIdentity iidentity)
{
this.Identity = iidentity;
}
}
最佳答案
0
Web API有两种方式进行身份验证:在宿主程序中的身份验证和使用 HTTP Message Handlers进行身份验证。
HTTP modules run earlier in the pipeline. If you handle authentication in a message handler, the principal does not get set until the handler runs. Moreover, the principal reverts back to the previous principal when the response leaves the message handler.
For web-hosting, you must set the principal in both places; otherwise the security context may become inconsistent. For self-hosting, however, HttpContext.Current is null. To ensure your code is host-agnostic, therefore, check for null before assigning to HttpContext.Current, as shown.
看看这两句话有用没,虽然已经过去很早了,偶然看见就答一下吧
收获园豆:50
