Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET (OWIN) Identity: How to get UserID from a Web API controller?

(Using VS2013 RTW, ASP.NET MVC5)

I've seen lots of documentation on how to add properties to the ApplicationUser class (and table) when using ASP.NET identity. But I haven't seen any documentation on how to have a separate table with content that maps to the ApplicationUser table via a foreign key.

I've successfully derived my own Microsoft.AspNet.Identity.EntityFramework.IdentityDbContext, and now my own "UserPreferences" table coexists in harmony with the various "AspNet*" tables in my SQL Server database. But I'm not clear on the best way to get the current user's ID so as to write a new row to the "UserPreferences" table. Note that the project is ASP.NET MVC, but I've added (and am working inside of) a Web API controller.

I have a working solution, which is:

            var uman = new Microsoft.AspNet.Identity.UserManager<Microsoft.AspNet.Identity.EntityFramework.IdentityUser>(new Microsoft.AspNet.Identity.EntityFramework.UserStore<Microsoft.AspNet.Identity.EntityFramework.IdentityUser>(new App1.Data.App1DbContext()));              var uident = User.Identity;              var userobject = uman.FindByNameAsync(uident.Name);              var userid = userobject.Result.Id;             // (Perform new row creation including the userid we just looked up 

Consider that the AspNetUsers table (as defined by the Identity framework) consists of these fields:

-id (PK, nvarchar(128) - seems to contain a GUID, not sure why not an autoincrement integer, but I assume there are reasons for this) -Username (nvarchar(max)) -PasswordHash (nvarchar(max)) -SecurityStamp (nvarchar(max)) 

I think that the id field (not the username) is the correct field to reference in this table. (I was thinking that a user may change his/her username, and someone else could then assume the other user's username, which is why both fields are there likely.) So then, I need to get the current user's ID for storage in the "UserPreferences" table, which is what the above code does. But it seems inefficient to have to do this lookup.

An important point is that in the context of a System.Web.Mvc.Controller, I can do:

User.Identity.GetUserId() (Runtime type of User.Identity: System.Security.Principal.GenericIdentity) 

But in the context of a System.Web.Http.ApiController (Web API), I cannot because that method does not exist (runtime type of User.Identity: System.Security.Claims.ClaimsIdentity) which is why I must rely instead on:

User.Identity.Name 

and do the extra lookup to convert Name to ID. Does anyone have any suggestions for how this can be improved? Am I approaching the task of writing user data to separate tables in the correct way?

like image 820
BenjiFB Avatar asked Oct 21 '13 21:10

BenjiFB


People also ask

What is OWIN used for in Web API?

Open Web Interface for . NET (OWIN) defines an abstraction between . NET web servers and web applications. OWIN decouples the web application from the server, which makes OWIN ideal for self-hosting a web application in your own process, outside of IIS.


2 Answers

You should be able to get user id on both MVC controller and web api controller by same extension method in identity 1.0 RTW package.

Here is the extensions from identity package:

namespace Microsoft.AspNet.Identity {     public static class IdentityExtensions     {         public static string FindFirstValue(this ClaimsIdentity identity, string claimType);         public static string GetUserId(this IIdentity identity);         public static string GetUserName(this IIdentity identity);     } } 

The IIdentity is the base interface for all identity types. You may need to add "using Microsoft.AspNet.Identity" in order to see the extension method.

BTW: regarding adding a foreign table for user, why not using ApplicationUser and add navigation property to UserPreference to let EF to handle their relationship? That will be easier.

like image 148
Hongye Sun Avatar answered Sep 22 '22 12:09

Hongye Sun


ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, userName)); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, UserID)); 

ClaimTypes.NameIdentifier is the claim for the function User.Identity.GetUserId()

like image 26
Oswaldo Alvarez Avatar answered Sep 22 '22 12:09

Oswaldo Alvarez