ASP.NET Web API: get client id in pre-flight request

I have incorporated CORS into my ASP.NET Web API project and I need a way to identify the user making the request before flying. This is because each client has its own authorized origin.

This is what mine looks like CorsPolicyProvider

:

public class MyCorsPolicyProvider : ICorsPolicyProvider {

    private CorsPolicy _policy;

    public MyCorsPolicyProvider() {
        _policy = new CorsPolicy {
            AllowAnyMethod= true,
            AllowAnyHeader = true
        };
    }

    public Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
        var clientId = ""; // How do I get this? Getting the user name or any way to uniquely identify the user is fine.
        Client client = ClientManager.FindClient(clientId);

        if (client != null && !string.IsNullOrEmpty(client.AllowedOrigin)) {
            _policy.Origins.Add(client.AllowedOrigin);
        }

        return Task.FromResult(_policy);
    }
}

      

        
        
        
      

    

My pre-flight request does not contain any user information, so I'm not sure if this is possible. But it seems to me that this is a common scenario, no? It would be ideal if I had access to my requirements, but obviously we don't know anything about the user at the moment. Am I approaching this the wrong way?