The specific problem happens when debugging a unit test with Visual Studio. The VS unit test uses a VS.Diagnostic.ServiceModelSlim assembly, which hosts a WCF service in the debugging process to communicate with the VS process. The WCF service creates threads and sets T.CP to the current Windows user.
When the unit test sends a request to the self-hosted Katana Web API service, it will reuse a thread that was created by the WCF service and won't clear the T.CP. So any request that comes in will have the current Windows principal. As a result, AuthorizeAttribute won't work when running under the VS unit test debugging process.
The problem can be worse, since Web API won't clear T.CP if there is no Server.User environment set by Katana. The T.CP can be anything that was set by a previous operation.
Comments: We can set an anonymous principal if we don't have a user from the OWIN environment.
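One way an application can apply the same idea in its own pipeline, shown as an added example that is not code from this issue or from the ASP.NET project: a Katana middleware that sets an anonymous principal whenever the OWIN environment carries no user, so Thread.CurrentPrincipal (T.CP above) never keeps a value left on a reused thread. The names `AnonymousPrincipalMiddleware` and `Startup` are hypothetical.

```csharp
using System.Security.Claims;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin;
using Owin;

// Hypothetical middleware (name is an assumption, not a Katana or Web API type).
public sealed class AnonymousPrincipalMiddleware : OwinMiddleware
{
    public AnonymousPrincipalMiddleware(OwinMiddleware next) : base(next) { }

    public override Task Invoke(IOwinContext context)
    {
        // IOwinRequest.User is backed by the "server.User" environment entry.
        IPrincipal user = context.Request.User;
        if (user == null)
        {
            // A ClaimsIdentity with no authentication type reports
            // IsAuthenticated == false, so [Authorize] rejects the request.
            user = new ClaimsPrincipal(new ClaimsIdentity());
            context.Request.User = user;
        }

        // Overwrite whatever principal an earlier operation left on this thread.
        Thread.CurrentPrincipal = user;
        return Next.Invoke(context);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();

        // Register after any authentication middleware and before Web API,
        // so an authenticated user is kept and a missing one becomes anonymous.
        app.Use<AnonymousPrincipalMiddleware>();
        app.UseWebApi(config);
    }
}
```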