C
C#2y ago
DarkVader

ClaimsPrincipal, httpContext.User is not filled when I send the token, but endpoint is AllowAnonymos

public static Guid? GetUserId(this ClaimsPrincipal user)
    {
        var userId = user.Claims.FirstOrDefault(c => c.Type == ClaimEnum.Id.ToString());
        return userId is null ? null : Guid.Parse(userId.Value);
    }
public static Guid? GetUserId(this ClaimsPrincipal user)
    {
        var userId = user.Claims.FirstOrDefault(c => c.Type == ClaimEnum.Id.ToString());
        return userId is null ? null : Guid.Parse(userId.Value);
    }
So I am using minimal Apis and my endpoint looks like this 
app.MapGet(BasePath + "/{id:guid}", GetPost)
            .AllowAnonymous();
app.MapGet(BasePath + "/{id:guid}", GetPost)
            .AllowAnonymous();
When I want to use this function on httpContext.User I always get null, even if I sent the token trough the header 
curl -X 'GET' \
  'https://localhost:7067/posts/994f3e31-155a-42cb-983c-c13478951235' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {Token}'
curl -X 'GET' \
  'https://localhost:7067/posts/994f3e31-155a-42cb-983c-c13478951235' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {Token}'
I have CurrentUserService which I use and it looks like this 
public class CurrentUserService : ICurrentUserService
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public CurrentUserService(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;

// This is the part where I wanted to read token if it is null but it has Authorization header, but I couldnt read claims on the .GetUserId() function
        if (_httpContextAccessor.HttpContext?.User.GetUserId() is null &&
            !string.IsNullOrWhiteSpace(_httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString()))
        {
            var token = new JwtSecurityTokenHandler().ReadJwtToken(_httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString().Split(' ')[1]);

            _httpContextAccessor.HttpContext!.User = new ClaimsPrincipal(new ClaimsIdentity(token.Claims));
        }
    }

    public Guid? UserId => _httpContextAccessor.HttpContext?.User.GetUserId();

    public string? Role => _httpContextAccessor.HttpContext?.User?.GetRole();
}
public class CurrentUserService : ICurrentUserService
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public CurrentUserService(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;

// This is the part where I wanted to read token if it is null but it has Authorization header, but I couldnt read claims on the .GetUserId() function
        if (_httpContextAccessor.HttpContext?.User.GetUserId() is null &&
            !string.IsNullOrWhiteSpace(_httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString()))
        {
            var token = new JwtSecurityTokenHandler().ReadJwtToken(_httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString().Split(' ')[1]);

            _httpContextAccessor.HttpContext!.User = new ClaimsPrincipal(new ClaimsIdentity(token.Claims));
        }
    }

    public Guid? UserId => _httpContextAccessor.HttpContext?.User.GetUserId();

    public string? Role => _httpContextAccessor.HttpContext?.User?.GetRole();
}
5 Replies
Pascal
Pascal2y ago
.AllowAnonymous() is configuring your endpoint to allow unauthenticated users. Where you paraphs trying to configure authentication?
DarkVader
DarkVaderOP2y ago
Ok I understand that, but this needs to be anonymous endpoint, but if someone sends a token i want to treat it differently for authenticated user, can I place middleware or something to place claims from token to claim or no?
Pascal
Pascal2y ago
I don't think you get this behavior out of the box, but you can register a custom authorization filter/handler and achieve what you are looking for.
DarkVader
DarkVaderOP2y ago
Thank you so much
Accord
Accord2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server