The issue
When utilizing the GetCurrentIdentity method of ClaimsManager to access the current user’s identity from within your custom Web API, the identity is always returning Anonymous – even for logged in users. This happens when you wire up a custom Web API route to /api/. For example:
config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}/{action}", defaults: new { id = RouteParameter.Optional, action = RouteParameter.Optional } );
The cause
The /api/ route is conflicting with Sitefinity’s out-of-the-box web services. Sitefinity’s web services utilize bearer token authentication.
The fix
You could configure your client to always provide the token in the authorization headers. Or… you can just change Sitefinity’s out-of-the-box web services path so it does not conflict with your own.
Administration -> Settings -> Advanced -> WebServices -> Routes -> Frontend (Change the url name from “api” to “sfapi”)
Or, you could always configure your custom API to be on another route. The decision is yours.