Menu
I have a custom user class MyPrincipal with some custom properties, with which I want to replace the authenticated ClaimsPrincipal, e.g. HttpContext.User
I have added a custom middleware:
public class MyMiddleware {
private readonly RequestDelegate next;
public MyMiddleware(RequestDelegate next) {
this.next = next;
}
public async Task Invoke(HttpContext context) {
if (context.User.IsAuthenticated) {
context.User = new MyPrincipal(context.User);
}
await next(context);
}
}
I have registered the middleware to run after authentication, but before MVC in Startup.cs:
public void Configure(IApplicationBuilder app) {
app.UseAuthentication();
app.UseMiddleware<MyMiddleware()>;
app.UseMvcWithDefaultRoute();
}
In my _Layout.cshtml I want to use a custom property from my MyPrincipal:
...
@if (User is MyPrincipal) {
<do stuff>
}
...
So far so good, the user is recognized as MyPrincipal.
But when I add a global Authorization policy:
public void ConfigureServices(IServiceCollection services) {
services.AddMvc(options => {
var policy = new AuthorizationPolicyBuilder(CookieAuthenticationDefaults.AuthenticationScheme)
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
});
}
Suddenly, the User in _Layout is just a ClaimsPrincipal.
How can I either stop MVC from replacing my principal, or hook into the pipeline after the authorization policy has completed?
P.S. I am using the ASP.NET Core 2.0 Preview 2, in case it matters.
945
You can achieve this by manually settings HttpContext. User: var identity = new ClaimsIdentity("Custom"); HttpContext. User = new ClaimsPrincipal(identity);
In ASP.NET Core, if we need to access the HttpContext in service, we can do so with the help of IHttpContextAccessor interface and its default implementation of HttpContextAccessor. It's only necessary to add this dependency if we want to access HttpContext in service.
It just holds the username of the user that is currently logged in. After login successful authentication, the username is automatically stored by login authentication system to "HttpContext.Current.User.Identity.Name" property.
Authorization in ASP.NET Core is controlled with AuthorizeAttribute and its various parameters. In its most basic form, applying the [Authorize] attribute to a controller, action, or Razor Page, limits access to that component to authenticated users. Now only authenticated users can access the Logout function.
The PolicyEvaluator is authenticating the AuthenticationScheme which replaces the Principal. To fix this remove the AuthenticationScheme parameter from the AuthorizationPolicyBuilder constructor.
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
This will apply the policy to all authentication schemes and assumes you have called HttpContext.Authentication.SignInAsync elsewhere.
187
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
