34

I'm writing an aspnet core 1 application. Using a bearer token authentication I have the User property inside the controller with the correct identity. However I cant seem to find a way to grab with identity as I did before using the ClaimPrincipal.Current static. What is the current best practice to get this data inside the BL layers with out passing the ClaimPrincipal object around?

Eugene Krapivin
  • 1,671
  • 2
  • 17
  • 32

2 Answers2

63

Further investigating this issue I've found that it is possible to use the native DI container to inject the ClaimsPrincipal where needed like that: 

services.AddTransient<ClaimsPrincipal>(s =>
    s.GetService<IHttpContextAccessor>().HttpContext.User);

This feels kind of weird injecting it, however it is better than storing it in the CallContext.

Daniel Lerps
  • 5,256
  • 3
  • 23
  • 33
Eugene Krapivin
  • 1,671
  • 2
  • 17
  • 32
  • @MagendranV well thats a whole other question :) `ClaimsPrincipal.Claims` is what you want – LuckyLikey May 15 '19 at 09:07
  • 1
    I think you should be using `services.AddScoped`, even though it funcionally doesn't change anything, it stresses, that the `ClaimsPrincial` is scoped anyway. – LuckyLikey May 15 '19 at 09:15
20

Here is better answer for dotnet core 2.0 and newer: https://adamstorr.azurewebsites.net/blog/are-you-registering-ihttpcontextaccessor-correctly

Basically add IHttpContextAccessor to services as Singleton:

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddHttpContextAccessor();
}

To consume inject IHttpContextAccessor into your class:

public class YourService : IYourService {
        private readonly IHttpContextAccessor _httpContextAccessor;

        public YourService(IHttpContextAccessor httpContextAccessor)
        {
            _httpContextAccessor = httpContextAccessor;
        }
}

and access _httpContextAccessor.HttpContext in your methods.

drakkar
  • 403
  • 7
  • 10
  • 9
    This is an exact example of a *Leaky Abstraction*. Anything requiring the `ClaimsPrincipal` shouldn't know about the `IHttpContextAccessor`. – Erik Philips Jun 30 '19 at 04:32
  • Erik is correct. You shouldn't be passing around IHttpContextAccessor because you'll create issues for running testing. – James Hancock Oct 18 '19 at 13:53
  • @ErikPhilips what if the only place you inject IHttpContextAccessor is into `YourService`. Then `YourService` returns the `ClaimsPrincipal`. Would you consider that leaky? Maybe drakkar did not fully flesh out this code. I think we might want `services.AddTransient();` so we can use YourService as a dependency in other services? – Jess Apr 15 '20 at 12:35
  • 4
    @Jess It depends on what `YourService` is. If it's just an abstraction to get to the Claims like a `ClaimContainer` it's not actually leaky. If your actual service needs the Claims and it's dependant on `IHttpContextAccessor` then that is leaky. – Erik Philips Apr 15 '20 at 19:18
  • @ErikPhilips then what would be the correct way of getting to claims in the service? The only way is to use `IHttpContextAccessor` but that is leaky as you said. Seems there aren't any good solution(s) to this issue unless one were to pass the claims from the controller to the service layer "manually". – Sangeet Agarwal Jan 20 '23 at 13:27
  • 1
    @SangeetAgarwal you can build a `AddScoped()` that takes an `IHttpContextAccessor` and return an `IClaimsProvider`. Then simply build all apps against `IClaimsProvider`. There are plent of types of services; Azure Functions, Azure Lambda that don't provide `IHttpContextAccessor`. – Erik Philips Jan 21 '23 at 09:47
  • @ErikPhilips thanks for taking the time to respond to my comment, if you have a moment then can you show me some pseudo code of how I could possibly do that, if you like I can post this as a question. Thanks again – Sangeet Agarwal Jan 21 '23 at 13:29
  • @ErikPhilips nvm, figured it out, here's what I have in the `Startup.cs` `builder.Services.AddTransient(provider => { var httpContextAccessor = provider.GetRequiredService(); return new ClaimsProvider(httpContextAccessor); }); ` – Sangeet Agarwal Jan 21 '23 at 14:16
  • 1
    @SangeetAgarwal Or use the [adapter pattern](https://pastebin.com/9gUBDH39). – Erik Philips Jan 22 '23 at 16:56
  • 1
    @ErikPhilips thanks so much, I posted a question at https://stackoverflow.com/questions/75194700/accessing-claims-principal-in-the-service-layer-in-the-api-of-a-net-core-6-app. Can you please add your comment as an answer and I'll accept it. Just want to make sure you get credit for the time you spent answering my question. Plus, I think others might benefit from your answer since I think most folks just directly access the `IHttpContextAccessor` in their services to get to the `ClaimsPrincipal`. Thanks again. – Sangeet Agarwal Jan 22 '23 at 18:15