Web Api User Tracking

Question

I am in need of help with Web Api.

I am setting up a multi tenant system when each tenant has there own database of data using code first EF and web api (so that I can create multiple app platforms)

I have extended the standard ASP.NET Identity to include a client id and client model which will store all tenants and their users.

I have then created another context which tracks all the data each tenant stores.

Each tenant holds a database name which I need to access based on the authenticated user.

Not getting the user id from each api controller seems easy:

RequestContext.Principal..... etc then I can get the client and subsequently the client database name to pass to the database context however I am trying to implement a standard data repository pattern and really hate repeating myself in code yet the only way I see it working at the moment is to:

Application calls restful api after authorisation Web Api captures call Each endpoint gets the user id and passes it to the data store via the interface and subsequently into the data layer retrieving the database name for the context.

What I have a problem with here is each endpoint getting the user id. Is there a way to "store/track" the user id per session? Can this be achieved through scope dependency or something similar?

I hope that makes sense but if not please ask and I will try to clarify further, any help will be greatly appreciated.

Thanks

Carl

Answer 1

ASP WebApi does not have a session context. You may use a cookie or a request token identifier (pass this token back from login and use this token as a parameter for further API calls).

This is something I've developed some time ago. I'm simply creating a new class deriving from ApiController and I'm using this class as a base for all other API class. It is using the ASP.NET cache object which can be accessed via HttpContext. I'm using the current user-id as a reference. If you need something else, you may use another way of caching your data:

public abstract class BaseController: ApiController
{
    private readonly object _lock = new object();

    /// <summary>
    /// The customer this controller is referencing to.
    /// </summary>
    protected Guid CustomerId
    {
        get
        {
            if (!_customerId.HasValue)
            {
                InitApi();
                lock (_lock)
                {
                    if (User.Identity.IsAuthenticated)
                    {
                        Guid? customerId = HttpContext.Current.Cache["APIID" + User.Identity.Name] as Guid?;
                        if (customerId.HasValue)
                        {
                            CustomerId = customerId.Value;
                        }
                        else
                        {
                            UserProfile user = UserManager.FindByName(User.Identity.Name);
                            if (user != null)
                            {
                                CustomerId = user.CustomerId;
                                HttpContext.Current.Cache["APIID" + User.Identity.Name] = user.CustomerId;
                            }
                        }
                    }
                    else
                    {
                        _customerId = Guid.Empty;
                    }
                }
            }
            return _customerId.GetValueOrDefault();
        }
        private set { _customerId = value; }
    }
// ... more code
}

Do not blame me on the "lock" stuff. This code was some kind of "get it up and running and forget about it"...

A full example can be found here .

Answer 2

也许我与事实相去甚远，但 Web API 的状态较少，因此您实际上没有要跟踪的会话