HttpServer captures Thread.CurrentPrincipal and restores it to this original value when finished handling a request. However, it is reset before the formatters have been asked to serialize their response.
Impact is low because only the formatters encounter this, and it unlikely they require the principal.
To reproduce this, write a custom message handler that sets Thread.CurrentPrincipal to some custom principal. Also write a custom media type formatter that accesses Thread.CurrentPrincipal in its WriteToStreamAsync() method.
Expected: Thread.CurrentPrincipal is the custom one set in message handler
Actual: Thread.CurrentPrincipal has been reset back to what it was when the request was received.
Comments: I have worked around this using a DelegatingHandler as shown in my post here http://forums.asp.net/post/5134468.aspx Not sure if this causes different problems though.
Impact is low because only the formatters encounter this, and it unlikely they require the principal.
To reproduce this, write a custom message handler that sets Thread.CurrentPrincipal to some custom principal. Also write a custom media type formatter that accesses Thread.CurrentPrincipal in its WriteToStreamAsync() method.
Expected: Thread.CurrentPrincipal is the custom one set in message handler
Actual: Thread.CurrentPrincipal has been reset back to what it was when the request was received.
Comments: I have worked around this using a DelegatingHandler as shown in my post here http://forums.asp.net/post/5134468.aspx Not sure if this causes different problems though.