How to access current HttpContext in ASP.NET Core 2 Custom Policy-Based Authorization with AuthorizationHandlerContext

c# asp.net-core .net-core asp.net-core-2.0

16,433

Solution 1

You should inject an instance of an IHttpContextAccessor into your AuthorizationHandler.

In the context of your example, this may look like the following:

public class BadgeEntryHandler : AuthorizationHandler<EnterBuildingRequirement>
{
    IHttpContextAccessor _httpContextAccessor = null;

    public BadgeEntryHandler(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    protected override Task HandleRequirementAsync(
        AuthorizationContext context, 
        EnterBuildingRequirement requirement)
    {
        HttpContext httpContext = _httpContextAccessor.HttpContext; // Access context here

        if (context.User.HasClaim(c => c.Type == ClaimTypes.BadgeId &&
                                       c.Issuer == "http://microsoftsecurity"))
        {
            context.Succeed(requirement);
            return Task.FromResult(0);
        }
    }
}

You may need to register this in your DI setup (if one of your dependencies has not already), as follows:

services.AddHttpContextAccessor();

Solution 2

You can inject an IHttpContextAccessor into your AuthorizationHandlers constructor.

e.g.

public class MyAuthorizationHandler : AuthorizationHandler<MyRequirement>
{
    private IHttpContextAccessor _contextAccessor;

    public MyAuthorizationHandler (IHttpContextAccessor contextAccessor)
    {
        _contextAccessor = contextAccessor;
    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        MinimumPermissionLevelRequirement requirement) {

        var httpContext = _contextAccessor.HttpContext;
        // do things
    }
}

Solution 3

Without injecting, simple solution!

protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
        {
                var authFilterCtx = (Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext)context.Resource;
                var httpContext = authFilterCtx.HttpContext;  
        }

Solution 4

If it is an MVC context you can access HttpContext, RouteData and everything else MVC provides like this from AuthorizationContext context:

var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;

if (mvcContext != null)
{
    // Examine MVC specific things like routing data.
}

https://jakeydocs.readthedocs.io/en/latest/security/authorization/policies.html#accessing-mvc-request-context-in-handlers

In .NET 5 you can use this code:

if(context.Resource.GetType().FullName == "Microsoft.AspNetCore.Http.DefaultHttpContext")
{
    var httpContext = context.Resource as Microsoft.AspNetCore.Http.DefaultHttpContext;

}

View more solutions

16,433

Author by

Hrvoje Kusulja

CCNA, MTA, MCSA, MCTS, MCPS, MCNPS, MS, IBM System X ...

Updated on June 16, 2022

Comments

Hrvoje Kusulja almost 2 years

How can I access current HttpContext to check for route and parameters inside AuthorizationHandlerContext of Custom Policy-Based Authorization inside ASP.NET Core 2?

Ref example: Custom Policy-Based Authorization