Bit late for an answer but this is best solution if you are using HttpActionContext in your filter You can always use it as mentioned here:-
public override Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
if (actionContext.RequestContext.Principal.Identity.IsAuthenticated)
{
var userName = actionContext.RequestContext.Principal.Identity.Name;
}
}