Accessing signed in user in dotnet 3.1 with HttpContextAccessor

Question

Okey, so i'm getting impatient here. :) I'm trying to access my signed in user through HttpContext.User by accessing the IHttpContextAccessor but no user is available, nor any claims. Dotnet core 3.1 is being used here. This is basically how I understand it: Sign in user with HttpContext.SignInAsync(... and then the context is available through the IHttpContextAccessor outside controllers. Now, the context is available but cant find any accessible user information from the signin. I do see that the cookies are correctly attached to the requests but there is some transformation not being done. Does anyone know what I am missing?

            //My controller action:

            var claimsIdentity = new ClaimsIdentity("Application");
            claimsIdentity.AddClaim(emailClaim);
            ... more claims

            await HttpContext.SignInAsync(
                "Application",
                new ClaimsPrincipal(claimsIdentity)
            );


            // Startup.cs:ConfigureServices
            
             services.AddHttpContextAccessor();


            // In a MyClass

            MyClass(IHttpContextAccessor accessor)
            {
                accessor.HttpContext.Claims; // Nothing
            }

Yes partially! I did inject MyClass as a singelton but the biggest issue was with my configuration somehow. Thank you for taking your time! — Nikola Sevo, Dec 17 '20 at 08:03

score 1 · Answer 1 · answered Dec 14 '20 at 05:47

As far as I know, if we has used the cookie authentication and user has already login in, we could get the claims from the httpcontext accessor.

I suggest you could firstly make sure the browser has set the authentication token via cookie to the server.

Then I suggest you could make sure you have inject myclass as the scoped not Singleton.

More details, you refer to below test codes to read the cookie.

Myclass:

public class Myclass
{
    public IHttpContextAccessor _accessor { get; set; }
     public Myclass(IHttpContextAccessor accessor)
    {
        _accessor = accessor;

      var re =  accessor.HttpContext.User.Identity as ClaimsIdentity;
        int i = 0;
    }

    public string GetName() {
        var re = _accessor.HttpContext.User.Identity as ClaimsIdentity;

        string name = re.Claims.First(x => x.Type == "name").Value;

        return name;
    }


}

Startup.cs:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
        services.AddHttpContextAccessor();
        services.AddScoped(typeof(Myclass));
    }

Usage:

public class HomeController : Controller
{
    private readonly ILogger<HomeController> _logger;
    public Myclass test { get; set; }

    public HomeController(ILogger<HomeController> logger, Myclass _test)
    {
        _logger = logger;
        test = _test;
    }

    public async Task<IActionResult> IndexAsync()
    {
        var claimsIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
        claimsIdentity.AddClaim(new Claim("name", "aaaa"));
        await HttpContext.SignInAsync(
           CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(claimsIdentity)
        );
        return View();
    }

    public async Task<IActionResult> PrivacyAsync()
    {
        var  re= test.GetName();

        return View();
    }

    [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
    public IActionResult Error()
    {
        return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
    }
}

Result:

Thanks for the help! I did DInject MyClass as singelton so that might have been one of the issues but the main issue was my configuration. — Nikola Sevo, Dec 17 '20 at 07:53

Nikola Sevo · Accepted Answer · 2020-12-17T08:02:06.510

So, it looks like I configured my cookie authentication with google incorrectly. There might have been some issue with injecting MyClass.cs as singelton aswell so that is something to look out for.

Setup based on: how to implement google login in .net core without an entityframework provider and https://dotnetthoughts.net/aspnetcore-social-authentication-without-identity/

This is my working configuration:

            // Startup.cs:ConfigureServices
            services.AddAuthentication(v => {
                v.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                v.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddGoogle(GoogleDefaults.AuthenticationScheme, options =>
            {
                IConfigurationSection googleAuthNSection =
                    Configuration.GetSection("Authentication:Google");

                options.ClientId = googleAuthNSection["ClientId"];
                options.ClientSecret = googleAuthNSection["ClientSecret"];
            });
             
            // DIs accessor
            services.AddHttpContextAccessor();


            // AuthenticationController.cs:MyAction

            var authenticateResult = await HttpContext.AuthenticateAsync(GoogleDefaults.AuthenticationScheme);

            var claimsIdentity = new ClaimsIdentity("Application");

            var surnameClaim = authenticateResult.Principal.FindFirst(ClaimTypes.Surname);

            claimsIdentity.AddClaim(surnameClaim);

            await HttpContext.SignInAsync(
               "Application",
                new ClaimsPrincipal(claimsIdentity)
            );

        return LocalRedirect(returnUrl ?? "~/");



        // In MyClass.cs

        MyClass(IHttpContextAccessor accessor)
        {
            accessor.HttpContext.Claims; // Claims available!
        }

Accessing signed in user in dotnet 3.1 with HttpContextAccessor

2 Answers2