C
C#2y ago
DarkVader

ClaimsPrincipal, httpContext.User is not filled when I send the token, but endpoint is AllowAnonymos

public static Guid? GetUserId(this ClaimsPrincipal user)
{
var userId = user.Claims.FirstOrDefault(c => c.Type == ClaimEnum.Id.ToString());
return userId is null ? null : Guid.Parse(userId.Value);
}
public static Guid? GetUserId(this ClaimsPrincipal user)
{
var userId = user.Claims.FirstOrDefault(c => c.Type == ClaimEnum.Id.ToString());
return userId is null ? null : Guid.Parse(userId.Value);
}
So I am using minimal Apis and my endpoint looks like this
app.MapGet(BasePath + "/{id:guid}", GetPost)
.AllowAnonymous();
app.MapGet(BasePath + "/{id:guid}", GetPost)
.AllowAnonymous();
When I want to use this function on httpContext.User I always get null, even if I sent the token trough the header
curl -X 'GET' \
'https://localhost:7067/posts/994f3e31-155a-42cb-983c-c13478951235' \
-H 'accept: */*' \
-H 'Authorization: Bearer {Token}'
curl -X 'GET' \
'https://localhost:7067/posts/994f3e31-155a-42cb-983c-c13478951235' \
-H 'accept: */*' \
-H 'Authorization: Bearer {Token}'
I have CurrentUserService which I use and it looks like this
public class CurrentUserService : ICurrentUserService
{
private readonly IHttpContextAccessor _httpContextAccessor;

public CurrentUserService(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;

// This is the part where I wanted to read token if it is null but it has Authorization header, but I couldnt read claims on the .GetUserId() function
if (_httpContextAccessor.HttpContext?.User.GetUserId() is null &&
!string.IsNullOrWhiteSpace(_httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString()))
{
var token = new JwtSecurityTokenHandler().ReadJwtToken(_httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString().Split(' ')[1]);

_httpContextAccessor.HttpContext!.User = new ClaimsPrincipal(new ClaimsIdentity(token.Claims));
}
}

public Guid? UserId => _httpContextAccessor.HttpContext?.User.GetUserId();

public string? Role => _httpContextAccessor.HttpContext?.User?.GetRole();
}
public class CurrentUserService : ICurrentUserService
{
private readonly IHttpContextAccessor _httpContextAccessor;

public CurrentUserService(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;

// This is the part where I wanted to read token if it is null but it has Authorization header, but I couldnt read claims on the .GetUserId() function
if (_httpContextAccessor.HttpContext?.User.GetUserId() is null &&
!string.IsNullOrWhiteSpace(_httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString()))
{
var token = new JwtSecurityTokenHandler().ReadJwtToken(_httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString().Split(' ')[1]);

_httpContextAccessor.HttpContext!.User = new ClaimsPrincipal(new ClaimsIdentity(token.Claims));
}
}

public Guid? UserId => _httpContextAccessor.HttpContext?.User.GetUserId();

public string? Role => _httpContextAccessor.HttpContext?.User?.GetRole();
}
5 Replies
Pascal
Pascal2y ago
.AllowAnonymous() is configuring your endpoint to allow unauthenticated users. Where you paraphs trying to configure authentication?
DarkVader
DarkVaderOP2y ago
Ok I understand that, but this needs to be anonymous endpoint, but if someone sends a token i want to treat it differently for authenticated user, can I place middleware or something to place claims from token to claim or no?
Pascal
Pascal2y ago
I don't think you get this behavior out of the box, but you can register a custom authorization filter/handler and achieve what you are looking for.
DarkVader
DarkVaderOP2y ago
Thank you so much
Accord
Accord2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server