How to access current HttpContext in ASP.NET Core 2 Custom Policy-Based Authorization with AuthorizationHandlerContext
Solution 1
You should inject an instance of an IHttpContextAccessor into your AuthorizationHandler
.
In the context of your example, this may look like the following:
public class BadgeEntryHandler : AuthorizationHandler<EnterBuildingRequirement>
{
IHttpContextAccessor _httpContextAccessor = null;
public BadgeEntryHandler(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;
}
protected override Task HandleRequirementAsync(
AuthorizationContext context,
EnterBuildingRequirement requirement)
{
HttpContext httpContext = _httpContextAccessor.HttpContext; // Access context here
if (context.User.HasClaim(c => c.Type == ClaimTypes.BadgeId &&
c.Issuer == "http://microsoftsecurity"))
{
context.Succeed(requirement);
return Task.FromResult(0);
}
}
}
You may need to register this in your DI setup (if one of your dependencies has not already), as follows:
services.AddHttpContextAccessor();
Solution 2
You can inject an IHttpContextAccessor
into your AuthorizationHandler
s constructor.
e.g.
public class MyAuthorizationHandler : AuthorizationHandler<MyRequirement>
{
private IHttpContextAccessor _contextAccessor;
public MyAuthorizationHandler (IHttpContextAccessor contextAccessor)
{
_contextAccessor = contextAccessor;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
MinimumPermissionLevelRequirement requirement) {
var httpContext = _contextAccessor.HttpContext;
// do things
}
}
Solution 3
Without injecting, simple solution!
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
{
var authFilterCtx = (Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext)context.Resource;
var httpContext = authFilterCtx.HttpContext;
}
Solution 4
If it is an MVC context you can access HttpContext
, RouteData
and everything else MVC provides like this from AuthorizationContext context
:
var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
if (mvcContext != null)
{
// Examine MVC specific things like routing data.
}
In .NET 5 you can use this code:
if(context.Resource.GetType().FullName == "Microsoft.AspNetCore.Http.DefaultHttpContext")
{
var httpContext = context.Resource as Microsoft.AspNetCore.Http.DefaultHttpContext;
}
Hrvoje Kusulja
CCNA, MTA, MCSA, MCTS, MCPS, MCNPS, MS, IBM System X ...
Updated on June 16, 2022Comments
-
Hrvoje Kusulja almost 2 years
How can I access current HttpContext to check for route and parameters inside AuthorizationHandlerContext of Custom Policy-Based Authorization inside ASP.NET Core 2?
Ref example: Custom Policy-Based Authorization