Thinktecture IdentityModel and Web API v2 / Katana

If you are using IdentityModel and the AuthenticationHandler to secure your Web APIs – we have some good and some bad news.

The good news is that IdentityModel continues to work in Web API v2 when using the “standard” hosting model (ASP.NET).

Unfortunately, due to a breaking change, it won’t work anymore when you switch to OWIN/Katana hosting. The reason is that ApiController.User is no longer backed by Thread.CurrentPrincipal, but by the new RequestContext. All code relying on .User (or AuthorizeAttribute) will break.
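To make the change concrete, here is an added example (not IdentityModel's code and not from the original post) of a message handler that copies an authenticated Thread.CurrentPrincipal onto the Web API v2 request context, which is where ApiController.User now reads from. The class name PrincipalBridgeHandler is hypothetical, and the sketch assumes an earlier handler in the pipeline has already authenticated the caller and set Thread.CurrentPrincipal.

```csharp
using System.Net.Http;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Controllers;

// Hypothetical shim: add it to HttpConfiguration.MessageHandlers AFTER the
// handler that authenticates, so it runs once Thread.CurrentPrincipal is set.
public class PrincipalBridgeHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Web API v2: ApiController.User and AuthorizeAttribute read this
        // context, not Thread.CurrentPrincipal.
        HttpRequestContext context = request.GetRequestContext();
        IPrincipal threadPrincipal = Thread.CurrentPrincipal;

        if (context != null && IsAuthenticated(threadPrincipal)
            && !IsAuthenticated(context.Principal))
        {
            // Only fill the gap. A principal that Katana authentication
            // middleware already put on the request is left untouched.
            context.Principal = threadPrincipal;
        }

        // If neither side is authenticated, nothing is copied and
        // AuthorizeAttribute will reject the request as before.
        return base.SendAsync(request, cancellationToken);
    }

    private static bool IsAuthenticated(IPrincipal principal)
    {
        return principal != null
            && principal.Identity != null
            && principal.Identity.IsAuthenticated;
    }
}
```

To check the behaviour, call an action decorated with AuthorizeAttribute under OWIN hosting with and without valid credentials and compare the controller's User with Thread.CurrentPrincipal.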

Many of the things that AuthenticationHandler does for you can now be established with the new Katana authentication middleware, e.g. parsing and validating JWTs. Some other things are still missing.

Let us know if you need AuthenticationHandler in an OWIN environment, so we can find out if that is an issue for many people or not (and provide a solution for it).
