The specific problem happens when debugging unit test with Visual Studio. VS unit test will use some VS.Diagnostic.ServiceModelSlim assembly which will host a wcf service on the debugging process to communicate with VS process. The wcf service will create threads and set T.CP to current windows user.
When unit test sends request to self hosted katana web api service, it will reuse the thread that created by wcf service and won't clear the T.CP. So any request comes in will have the current windows principal. That leads to AuthorizeAttribute won't work when running under VS unit test debugging process.
The problem can be worse since web api won't clear T.CP if there is no Server.User environment set by Katana. The T.CP can be anything that is set by a previous operation.
Comments: Attach the repro project. Debug Startup.Fact by VS unit test debug test context menu. Request to http://localhost:12345/Auth/ProtectedResource1 It should show ProtectedResource1 instead of unauthorized error.
When unit test sends request to self hosted katana web api service, it will reuse the thread that created by wcf service and won't clear the T.CP. So any request comes in will have the current windows principal. That leads to AuthorizeAttribute won't work when running under VS unit test debugging process.
The problem can be worse since web api won't clear T.CP if there is no Server.User environment set by Katana. The T.CP can be anything that is set by a previous operation.
Comments: Attach the repro project. Debug Startup.Fact by VS unit test debug test context menu. Request to http://localhost:12345/Auth/ProtectedResource1 It should show ProtectedResource1 instead of unauthorized error.