Alternative to use HttpContext in System.Web for Owin

c# asp.net asp.net-identity owin katana

26,116

Solution 1

This article gives me the solution:

Web API 2 introduced a new RequestContext class that contains a Principal property. This is now the proper location to look for the identity of the caller. This replaces the prior mechanisms of Thread.CurrentPrincipal and/or HttpContext.User. This is also what you would assign to if you are writing code to authenticate the caller in Web API.

So just modifying the line:

Guid userId = new Guid(HttpContext.Current.User.Identity.GetUserId());

Guid userId = new Guid(actionContext.RequestContext.Principal.Identity.GetUserId());

now, the reference to System.Web is not needed anymore.

Solution 2

You can use OwinRequestScopeContext. Which is doing exactly what you are looking for.

Solution 3

After reading this. It seems to me that extending AuthorizeAttribute is still the way to go. However, since HttpContext is IIS based, we want to avoid using it from now on.

There is a HttpActionContext got passed in. Then we could use

actionContext.Request.GetRequestContext().Principal.Identity

actionContext.RequestContext.Principal.Identity

actionContext.Request.GetOwinContext().Request.User.Identity to get to the identity. All three will get you the same identity object.

and yes, OwinContext is available this way too.

26,116

Xavier Egea

You do not really understand something unless you can explain it to your grandmother. Albert Einstein.

Updated on July 09, 2022

Comments

Xavier Egea almost 2 years

ASP.NET authentication is now based on OWIN middleware that can be used on any OWIN-based host. ASP.NET Identity does not have any dependency on System.Web.

I have an AuthorizeAttribute filter where I need to get the current user and add some properties to be retrieved later by action controllers.

The problem is that I have to use the HttpContext which belongs to System.Web. Is there any alternative of HttpContext for Owin?

public class WebApiAuthorizeAttribute : AuthorizeAttribute 
{
    public override async Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
    {
        base.OnAuthorization(actionContext);

        Guid userId = new Guid(HttpContext.Current.User.Identity.GetUserId());

        ApplicationUserManager manager = new ApplicationUserManager(new ApplicationUserStore(new ApplicationDbContext())) { PasswordHasher = new CustomPasswordHasher() };
        ApplicationUser user = await manager.FindByIdAsync(userId);

        actionContext.Request.Properties.Add("userId", user.LegacyUserId);
    }
}

Note: I found this question, which seems a duplicate, but asks for a solution working for NancyFx project, which is not valid for me.

Xavier Egea almost 10 years

+1 for good solution. What I understood is that with OWIN there's no place for Auhtorization filters anymore.
Morio over 9 years

@Freerider after reading this It seems Authorization Filter is still the way to go.
Xavier Egea over 9 years

@Morio I agree with you. Thanks for posting.
Kumar over 7 years

OwinRequestScopeContext.Current is null always. Please help.
RandomUs1r almost 7 years

Also null for me, pretty sure I wired it up correctly in startup too, oh well it was worth a shot.