i confused whether or not safe set thread.currentprincipal equal signed in user in mvc application i.e. can perform authorization checks in service layer?
this stackoverflow post recommends doing this.... in post author suggests there issues setting thread.currentprincipal. these issues?
also need set thread.currentprincipal every request made logged in user?
Comments
Post a Comment