I've tried to research this error, but I have not found any useful information on it. We have a ASP.NET Web Api 1.0 application that was using .Net 4. We upgraded it to .Net 4.5.1, MVC 5, Web Api 2 and found an issue where we were assigning the user to the Thread.CurrentPrincipal in the [Authorize] attribute and trying to pull that information later on, but now after the upgrade, the Thread.CurrentPrincipal is lost.
public class OAuthBearer : AuthorizeAttribute
public override void OnAuthorization(HttpActionContext actionContext)
{
(...)
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity
(accessToken.ClientId, "OAuth Bearer"), accessToken.ApprovedScopes.ToArray());
(...)
}
}
Previously in our controller code we were able to pull the Thread.CurrentPrincipal and it would be set to the Generic Principal. But now after we upgraded Thread.CurrentPrincipal is lost.
One workaround was to set the Generic Principal to to HTTPContext.User which seems to be passed correctly to our controller code, but I've read that Thread.CurrentPrincipal is what you should use for Web Api.
Any help would be appreciated.