I need to access ClaimsPrincipal within the service layer of a Net Core 6 app.
I could always just builder.Services.AddTransient<IHttpContextAccessor, HttpContextAccessor>(); in the Startup.cs & go my merry way but this is a no-no. Makes it difficult to test and more importantly this is a great example of leaky abstraction.
So, now what I have is the following:
using System.Security.Claims;
using Microsoft.AspNetCore.Http;

public class ClaimsProvider : IClaimsProvider
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public ClaimsProvider(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    // Returns null when there is no current request (e.g. called from a background job).
    public ClaimsPrincipal? GetClaimsPrincipal()
    {
        return _httpContextAccessor.HttpContext?.User;
    }
}

public interface IClaimsProvider
{
    ClaimsPrincipal? GetClaimsPrincipal();
}
Within my Startup.cs I call AddScoped() with a factory that takes an IHttpContextAccessor and returns an IClaimsProvider. Then I simply build all services against IClaimsProvider:
// The framework-provided accessor must be registered, otherwise GetRequiredService throws.
builder.Services.AddHttpContextAccessor();

builder.Services.AddScoped<IClaimsProvider>(provider =>
{
    var httpContextAccessor = provider.GetRequiredService<IHttpContextAccessor>();
    return new ClaimsProvider(httpContextAccessor);
});
And the usual route for my services, where I inject it as a dependency:
private readonly IClaimsProvider _claimsProvider;

public SomeService(
    IWebHostEnvironment hostingEnvironment,
    IMapper mapper, IClaimsProvider claimsProvider, ...)
{
    _hostingEnvironment = hostingEnvironment ??
        throw new ArgumentNullException(nameof(hostingEnvironment));
    _mapper = mapper ??
        throw new ArgumentNullException(nameof(mapper));
    _claimsProvider = claimsProvider ??
        throw new ArgumentNullException(nameof(claimsProvider));
}

public void SomeMethod()
{
    var u = _claimsProvider.GetClaimsPrincipal();
    if (u is null)
    {
        // No current HttpContext (e.g. not running inside a request): nothing to enumerate.
        return;
    }

    foreach (var claim in u.Claims)
    {
        Console.WriteLine($"{claim.Type} : {claim.Value}");
    }
}
My question is: is the above approach OK? Potentially, is there any other approach that is better than the one shown above?
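The testability argument in the question is easiest to see with a test double in place of the HTTP-backed provider. The following is an added example, not code from the question or either answer: it reuses the question's IClaimsProvider interface, and the DocumentService, FakeClaimsProvider, the "permission" claim type and the "documents:delete" value are all assumed names chosen for illustration. The service guards against a null principal (no HttpContext) and against an unauthenticated identity before it inspects any claim, and the Main method exercises the owner, delegated-permission, wrong-user, anonymous and no-context cases without spinning up ASP.NET Core at all.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Interface from the question.
public interface IClaimsProvider
{
    ClaimsPrincipal? GetClaimsPrincipal();
}

// Test double (assumed name): no HttpContext, no accessor, just the principal the test wants.
public sealed class FakeClaimsProvider : IClaimsProvider
{
    private readonly ClaimsPrincipal? _principal;
    public FakeClaimsProvider(ClaimsPrincipal? principal) => _principal = principal;
    public ClaimsPrincipal? GetClaimsPrincipal() => _principal;
}

// Service under test (assumed name). It never touches HttpContext, only IClaimsProvider.
public sealed class DocumentService
{
    private readonly IClaimsProvider _claimsProvider;

    public DocumentService(IClaimsProvider claimsProvider)
        => _claimsProvider = claimsProvider ?? throw new ArgumentNullException(nameof(claimsProvider));

    // True only for an authenticated caller who owns the document or holds the
    // (assumed) "permission: documents:delete" claim. A null principal, which is what
    // the HTTP-backed provider returns outside a request, is treated as anonymous.
    public bool CanDelete(string documentOwnerId)
    {
        var user = _claimsProvider.GetClaimsPrincipal();
        if (user?.Identity?.IsAuthenticated != true)
        {
            return false;
        }

        var callerId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        return callerId == documentOwnerId || user.HasClaim("permission", "documents:delete");
    }
}

public static class Program
{
    // Builds an authenticated principal. The non-null authenticationType ("Test") is what
    // makes IsAuthenticated true; ClaimsIdentity with no authentication type is anonymous.
    private static ClaimsPrincipal User(string id, params (string Type, string Value)[] extra)
    {
        var claims = new List<Claim> { new(ClaimTypes.NameIdentifier, id) };
        foreach (var (type, value) in extra)
        {
            claims.Add(new Claim(type, value));
        }
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Test"));
    }

    public static void Main()
    {
        var owner = new DocumentService(new FakeClaimsProvider(User("u1")));
        var admin = new DocumentService(new FakeClaimsProvider(User("u2", ("permission", "documents:delete"))));
        var other = new DocumentService(new FakeClaimsProvider(User("u3")));
        var anon  = new DocumentService(new FakeClaimsProvider(new ClaimsPrincipal(new ClaimsIdentity())));
        var none  = new DocumentService(new FakeClaimsProvider(null));

        Console.WriteLine($"owner: {owner.CanDelete("u1")}");
        Console.WriteLine($"admin: {admin.CanDelete("u1")}");
        Console.WriteLine($"other: {other.CanDelete("u1")}");
        Console.WriteLine($"anon:  {anon.CanDelete("u1")}");
        Console.WriteLine($"none:  {none.CanDelete("u1")}");
    }
}
```

Only the first two calls should succeed. The same DocumentService is what production would register against the real ClaimsProvider; nothing in it changes between the test and the app, which is the point of keeping IHttpContextAccessor out of the service constructor.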
To prevent a leaky abstraction (the need for an IHttpContextAccessor in your service), I would recommend using the Adapter Pattern.
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddHttpContextAccessor();
    services.AddScoped<IClaimsProvider, HttpContextClaimsProvider>();
}

public interface IClaimsProvider
{
    ClaimsPrincipal ClaimsPrincipal { get; }
}

// Adapter
public class HttpContextClaimsProvider : IClaimsProvider
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public HttpContextClaimsProvider(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor
            ?? throw new ArgumentNullException(nameof(httpContextAccessor));
    }

    // Read on each access rather than captured in the constructor: HttpContext.User is only
    // populated once the authentication middleware has run, and HttpContext is null outside a request.
    public ClaimsPrincipal ClaimsPrincipal => _httpContextAccessor.HttpContext?.User;
}

public class YourService : IYourService
{
    private readonly IClaimsProvider _claimsProvider;

    public YourService(IClaimsProvider claimsProvider)
    {
        _claimsProvider = claimsProvider;
    }
}
In our design each controller action receives a FooRequest. This is a POCO whose properties are filled by the model binder using the corresponding attributes:
using Microsoft.AspNetCore.Mvc;

public class FooRequest : RequestBase
{
    [FromRoute]
    public int Id { get; set; }

    [FromQuery]
    public DateTime? Start { get; set; }

    [FromBody]
    public SomeComplexObject Configuration { get; set; }
}
Additionally, we made a derived class using the suffix WithUser that has a ClaimsPrincipal as an additional property:
public class FooRequestWithUser : FooRequest, IRequest<FooResponse>
{
    public ClaimsPrincipal User { get; set; }
}
In the next step we made a helper class that provides a helper method which receives the request instance, a claims principal and a type T:
using System;
using System.Reflection;
using System.Security.Claims;

public class RequestBase
{
    // Creates a T (which must derive from the runtime type of this request), copies every
    // public read/write property from this instance into it, and sets T's User property.
    public T Of<T>(ClaimsPrincipal user) where T : class, new()
    {
        var sourceType = GetType();
        if (!sourceType.IsAssignableFrom(typeof(T)))
        {
            throw new InvalidOperationException($"{typeof(T).Name} must derive from {sourceType.Name}.");
        }

        var instance = new T();
        foreach (var prop in sourceType.GetProperties(BindingFlags.Public | BindingFlags.Instance))
        {
            if (prop.CanRead && prop.CanWrite)
            {
                prop.SetValue(instance, prop.GetValue(this));
            }
        }

        var userProp = typeof(T).GetProperty("User", BindingFlags.Public | BindingFlags.Instance)
            ?? throw new InvalidOperationException($"{typeof(T).Name} has no public User property.");
        userProp.SetValue(instance, user);

        return instance;
    }
}
When our normal request class derives from this one, we can call it within our controller, create a model containing the user as an additional property and forward it to our services using MediatR:
public async Task<IActionResult> DoFoo(FooRequest request)
{
    // User is the controller's ClaimsPrincipal for the current request.
    var requestWithUser = request.Of<FooRequestWithUser>(User);
    var result = await mediator.Send(requestWithUser);
    return Ok(result);
}
With this approach the claims principal is bound to the request consumed by the service and is not something it has to receive separately. It also makes clear that this request must be authenticated somehow and that the service should check for potential permissions or similar.
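Binding the principal to the request also makes it possible to enforce "must be authenticated" once, for every such request, instead of in each handler. The block below is an added example and not code from this answer: IAuthenticatedRequest, RequireAuthenticatedUserBehavior, FooHandler, the record FooResponse and the "permission: foo:write" claim are all assumed names, the FooRequest and FooRequestWithUser types are cut down to what the example needs, and the Handle signature and registration follow MediatR 12 (request, next, cancellationToken), which is an assumption about the MediatR version in use. The pipeline behaviour rejects a missing or unauthenticated User before any handler runs; the handler still performs its own authorisation check, since the pipeline only establishes who the caller is, not what they may do.

```csharp
using System;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using MediatR;

// Marker for requests that carry the caller's principal (assumed name, not from the answer).
public interface IAuthenticatedRequest
{
    ClaimsPrincipal User { get; }
}

// Minimal stand-ins for the answer's FooRequest / FooRequestWithUser / FooResponse.
public class FooRequest
{
    public int Id { get; set; }
}

public class FooRequestWithUser : FooRequest, IRequest<FooResponse>, IAuthenticatedRequest
{
    // Defaults to an anonymous principal so a forgotten assignment fails closed.
    public ClaimsPrincipal User { get; set; } = new ClaimsPrincipal(new ClaimsIdentity());
}

public record FooResponse(int Id, string HandledBy);

// Runs before every handler whose request implements IAuthenticatedRequest and rejects
// a missing or unauthenticated principal, so no individual handler can forget that check.
// Handle() signature follows MediatR 12 (request, next, cancellationToken); assumed version.
public sealed class RequireAuthenticatedUserBehavior<TRequest, TResponse>
    : IPipelineBehavior<TRequest, TResponse>
    where TRequest : notnull
{
    public Task<TResponse> Handle(TRequest request, RequestHandlerDelegate<TResponse> next, CancellationToken cancellationToken)
    {
        if (request is IAuthenticatedRequest authenticated &&
            authenticated.User?.Identity?.IsAuthenticated != true)
        {
            throw new UnauthorizedAccessException(
                $"{typeof(TRequest).Name} requires an authenticated user.");
        }

        return next();
    }
}

// The handler still authorises: the behaviour proves who is calling, not what they may do.
public sealed class FooHandler : IRequestHandler<FooRequestWithUser, FooResponse>
{
    public Task<FooResponse> Handle(FooRequestWithUser request, CancellationToken cancellationToken)
    {
        // "permission" / "foo:write" is an assumed claim type and value.
        if (!request.User.HasClaim("permission", "foo:write"))
        {
            throw new UnauthorizedAccessException("Missing permission foo:write.");
        }

        var caller = request.User.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? "unknown";
        return Task.FromResult(new FooResponse(request.Id, caller));
    }
}

// Registration in Program.cs for .NET 6 minimal hosting (assumed):
//   builder.Services.AddMediatR(cfg => cfg.RegisterServicesFromAssemblyContaining<FooHandler>());
//   builder.Services.AddTransient(typeof(IPipelineBehavior<,>), typeof(RequireAuthenticatedUserBehavior<,>));
```

Because the behaviour is registered as an open generic, it wraps every request type; types that do not implement IAuthenticatedRequest pass straight through to next(), so anonymous commands and queries are unaffected.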