Add owin.RequestUser

src/Microsoft.AspNet.Owin/OwinConstants.cs

@@ -20,11 +20,12 @@ internal static class OwinConstants
 
         #endregion
 
-        #region OWIN v1.1.0 - 3.2.1 Request Data
+        #region OWIN v1.0.1 - 3.2.1 Request Data
 
-        // OWIN 1.1.0 http://owin.org/html/owin.html
+        // OWIN 1.0.1 http://owin.org/html/owin.html
 
         public const string RequestId = "owin.RequestId";
+        public const string RequestUser = "owin.RequestUser";
 
         #endregion
 

src/Microsoft.AspNet.Owin/OwinEnvironment.cs

@@ -9,6 +9,7 @@
 using System.Linq;
 using System.Net;
 using System.Net.WebSockets;
+using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Principal;
 using System.Threading;
@@ -57,6 +58,7 @@ public OwinEnvironment(HttpContext context)
                     (feature, value) => feature.QueryString = Utilities.AddQuestionMark(Convert.ToString(value))) },
                 { OwinConstants.RequestHeaders, new FeatureMap<IHttpRequestFeature>(feature => feature.Headers, (feature, value) => feature.Headers = (IDictionary<string, string[]>)value) },
                 { OwinConstants.RequestBody, new FeatureMap<IHttpRequestFeature>(feature => feature.Body, () => Stream.Null, (feature, value) => feature.Body = (Stream)value) },
+                { OwinConstants.RequestUser, new FeatureMap<IHttpAuthenticationFeature>(feature => feature.User, () => null, (feature, value) => feature.User = (ClaimsPrincipal)value) },
 
                 { OwinConstants.ResponseStatusCode, new FeatureMap<IHttpResponseFeature>(feature => feature.StatusCode, () => 200, (feature, value) => feature.StatusCode = Convert.ToInt32(value)) },
                 { OwinConstants.ResponseReasonPhrase, new FeatureMap<IHttpResponseFeature>(feature => feature.ReasonPhrase, (feature, value) => feature.ReasonPhrase = Convert.ToString(value)) },

src/Microsoft.AspNet.Owin/OwinFeatureCollection.cs

@@ -263,8 +263,16 @@ void IHttpRequestLifetimeFeature.Abort()
 
         ClaimsPrincipal IHttpAuthenticationFeature.User
         {
-            get { return Utilities.MakeClaimsPrincipal(Prop<IPrincipal>(OwinConstants.Security.User)); }
-            set { Prop(OwinConstants.Security.User, value); }
+            get
+            {
+                return Prop<ClaimsPrincipal>(OwinConstants.RequestUser)
+                    ?? Utilities.MakeClaimsPrincipal(Prop<IPrincipal>(OwinConstants.Security.User));
+            }
+            set
+            {
+                Prop(OwinConstants.RequestUser, value);
+                Prop(OwinConstants.Security.User, value);
+            }
         }
 
         IAuthenticationHandler IHttpAuthenticationFeature.Handler { get; set; }

test/Microsoft.AspNet.Owin.Tests/OwinEnvironmentTests.cs

@@ -39,7 +39,9 @@ public void OwinEnvironmentCanBeCreated()
 
             IDictionary<string, object> env = new OwinEnvironment(context);
             Assert.Equal("SomeMethod", Get<string>(env, "owin.RequestMethod"));
+            // User property should set both server.User (non-standard) and owin.RequestUser.
             Assert.Equal("Foo", Get<ClaimsPrincipal>(env, "server.User").Identity.AuthenticationType);
+            Assert.Equal("Foo", Get<ClaimsPrincipal>(env, "owin.RequestUser").Identity.AuthenticationType);
             Assert.Same(Stream.Null, Get<Stream>(env, "owin.RequestBody"));
             var requestHeaders = Get<IDictionary<string, string[]>>(env, "owin.RequestHeaders");
             Assert.NotNull(requestHeaders);
@@ -65,6 +67,10 @@ public void OwinEnvironmentCanBeModified()
 
             env["owin.RequestMethod"] = "SomeMethod";
             env["server.User"] = new ClaimsPrincipal(new ClaimsIdentity("Foo"));
+            Assert.Equal("Foo", context.User.Identity.AuthenticationType);
+            // User property should fall back from owin.RequestUser to server.User.
+            env["owin.RequestUser"] = new ClaimsPrincipal(new ClaimsIdentity("Bar"));
+            Assert.Equal("Bar", context.User.Identity.AuthenticationType);
             env["owin.RequestBody"] = Stream.Null;
             var requestHeaders = Get<IDictionary<string, string[]>>(env, "owin.RequestHeaders");
             Assert.NotNull(requestHeaders);
@@ -81,7 +87,6 @@ public void OwinEnvironmentCanBeModified()
             env["owin.ResponseStatusCode"] = 201;
 
             Assert.Equal("SomeMethod", context.Request.Method);
-            Assert.Equal("Foo", context.User.Identity.AuthenticationType);
             Assert.Same(Stream.Null, context.Request.Body);
             Assert.Equal("CustomRequestValue", context.Request.Headers["CustomRequestHeader"]);
             Assert.Equal("/path", context.Request.Path.Value);