I need to access the OwinContext from within a constructor of one of my controllers, like so:
protected SEMController()
{
var currentUserIsAdmin = false;
var currentUserName = System.Web.HttpContext.Current.User?.Identity?.Name;
if (!string.IsNullOrEmpty(currentUserName))
{
var user = UserManager.Users
.SingleOrDefault(u =>
u.UserName.Equals(currentUserName,
StringComparison.InvariantCultureIgnoreCase));
if (user != null)
{
currentUserIsAdmin = UserManager.IsInRole(user.Id, UserType.Admin);
}
}
TempData["CurrentUserIsAdmin"] = currentUserIsAdmin;
}
where the UserManager is a property of the same controller and it looks like this:
public ApplicationUserManager UserManager
{
get
{
if (_userManager == null)
{
_userManager = HttpContext.GetOwinContext()
.GetUserManager<ApplicationUserManager>();
}
return _userManager;
}
private set
{
_userManager = value;
}
}
However, at the time the code is in the ctor, the HttpContext, which is a property of the Controller class and is of type System.Web.HttpContextBase and is not a System.Web.HttpContext instance, is null.
But since anyway the ASP.NET framework simply copies information from one place to another, the information they will have , at some point later in time, will be the same.
So, I was wondering if I could get a reference to the OwinContext by directly using the System.Web.HttpContext.Current property. However, that property is of type System.Web.HttpContext where as the GetOwinContext is an extension method on the type System.Web.HttpContextBase and I see that these two classes are no way related to each other.
So, I was wondering if there was a way to get from System.Web.HttpContext.Current to System.Web.HttpContextBase?
Yes, there is:
HttpContextBase httpContext = new HttpContextWrapper(HttpContext.Current);
And yes, the HttpContext property is always null during the construction of controllers. You can use it safely in (and after) the Controller.Initialize method.
Initializes data that might not be available when the constructor is called.
Related
We have an ASP.NET application. We cannot edit source code of controllers. But we can implement ActionFilter.
One of our controller action methods returns JSON. Is it possible to modify it in ActionFilter? We need to add one more property to a returned object.
Maybe, some other way to achieve it?
Found this interesting and as #Chris mentioned, though conceptually I knew this would work, I never tried this and hence thought of giving it a shot. I'm not sure whether this is an elegant/correct way of doing it, but this worked for me. (I'm trying to add Age property dynamically using ActionResult)
[PropertyInjector("Age", 12)]
public ActionResult Index()
{
return Json(new { Name = "Hello World" }, JsonRequestBehavior.AllowGet);
}
And the filter:
public class PropertyInjector : ActionFilterAttribute
{
string key;
object value;
public PropertyInjector(string key, object value)
{
this.key = key;
this.value = value;
}
public override void OnActionExecuted(ActionExecutedContext filterContext)
{
var jsonData = ((JsonResult)filterContext.Result).Data;
JObject data = JObject.FromObject(jsonData);
data.Add(this.key,JToken.FromObject(this.value));
filterContext.Result = new ContentResult { Content = data.ToString(), ContentType = "application/json" };
base.OnActionExecuted(filterContext);
}
}
Update
If it's not dynamic data which is to be injected, then remove filter constructor and hard code key & value directly and then the filter could be registered globally without editing the controller
GlobalFilters.Filters.Add(new PropertyInjector());
I want to create a custom authorization attribute for checking the role and url path.
I've find the way for doing it in the Asp.Net Core using the Policy-Based-Authorization but I've tried implement it but I can't get the HttpContext with incomming url.
AuthorizationHandlerContext hasn't access to HttpContext probable.
How can I get current HttpContext with the url path? Is it possible to do that or with another way?
I've tried this code for creating the custom Policy:
public class RoleUrlValidationHandler : AuthorizationHandler<RoleUrlValidationRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RoleUrlValidationRequirement requirement)
{
var path = //Here I need get current url path for example - /api/posts/4545411
var pathPart = path.Split('/');
var clientId = pathPart[3];
if (context.User.IsInRole(clientId))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
I want to create following:
[Authorize(Policy="RoleUrlValidation")] //Get ClientId from Url and check User's roles
public class PostsController : Controller
{
public ActionResult Get()
{
}
}
The policy approach is the right one. Only bit you missed is, that you can use Dependency Injection in the Handlers.
public class RoleUrlValidationHandler : AuthorizationHandler<RoleUrlValidationRequirement>
{
private readonly IHttpContextAccessor contextAccessor;
public RoleUrlValidationHandler(IHttpContextAccessor contextAccessor)
{
this.contextAccessor = contextAccessor;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RoleUrlValidationRequirement requirement)
{
var httpContext = contextAccessor.HttpContext;
var path = httpContext.Request.Path;
var pathPart = path.Split('/');
var clientId = pathPart[3];
if (context.User.IsInRole(clientId))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
You also may have to register the IHttpContextAccessor as its not registered by default.
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
Extra bits:
Consider using var routeData = httpContext.GetRouteData() instead of using path.Split('/') for reading values from it so you can easily read the parameter values from the route.
Try like this:
((DefaultHttpContext)context.Resource).Request.Path.Value
When a Record gets updated in my Database, I need to be able to save who edited it.
Currently in my Repository I do this
pt.ModifiedBy = HttpContext.Current.User.Identity.Name;
There has to be a better way of doing this or is this only method?
By using HttpContext.Current.User you're tightly coupling your DbContext with HttpContext which is not a good idea in case you'll expose your DbContext to a non-web environment (UnitTesting, WCF, WPF etc).
You can use System.Security.Principal.IIdentity instead, just like exposed in ASP.NET (System.Web.HttpContext.Current.User.Identity), WCF (System.ServiceModel.OperationContext.Current.ServiceSecurityContext.PrimaryIdentity) and Thread (Thread.CurrentPrincipal.Identity).
Then, have your DbContext accept IIdentity in its constructor, and whenever the context initialized pass the appropriate IIdentity (from your current context).
For example (based on #qujck answer):
public class MyContext : DbContext
{
private readonly IIdentity _identity;
public DbContext(IIdentity identity)
{
this._identity = identity;
}
public override int SaveChanges()
{
//you may need this line depending on your exact configuration
//ChangeTracker.DetectChanges();
foreach (DbEntityEntry o in GetChangedEntries())
{
IEntity entity = o.Entity as IEntity;
entity.ModifiedBy = this._identity.Name;
}
return base.SaveChanges();
}
}
// Usage (ASP.NET):
var context = new DbContext(System.Web.HttpContext.Current.User.Identity);
IMO the best option is to handle all the auditing in one place - your unit of work (DbContext). This is easily achieved by having all of your Poco objects implement a common interface, such as IEntity.
Here's an example:
public class MyContext : DbContext
{
public override int SaveChanges()
{
//you may need this line depending on your exact configuration
//ChangeTracker.DetectChanges();
foreach (DbEntityEntry o in GetChangedEntries())
{
IEntity entity = o.Entity as IEntity;
entity.ModifiedBy = HttpContext.Current.User.Identity.Name;
}
return base.SaveChanges();
}
private IEnumerable<DbEntityEntry> GetChangedEntries()
{
return new List<DbEntityEntry>(
from e in ChangeTracker.Entries()
where e.State != System.Data.EntityState.Unchanged
select e);
}
}
I have a method on an ApiController that looks like this:
public IEnumerable<Items> GetSlideSets() {
IServiceClass serviceClass = new ServiceClass();
//...
Yes, I am aware that this is not good design but I'm addressing this issue in a different iteration.
At a certain point in my application I need to call this functionality from within the project itself so I thought I could simply reuse the controller (and why not, I can pluck it out of my IoC container). The only problem is that in this case, I need to inject my own implementation of IServiceClass, easy enough:
public IEnumerable<Items> GetSlideSets(IServiceClass serviceClass = null) {
serviceClass = serviceClass ?? new ServiceClass();
//...
Except now I am getting errors when calling this via a regular Api call Optionalparameter 'serviceClass' is not supported by FormatterParameterBinding.
I know that there are various attributes that control bindings. Is there one that I can put on the parameter to say it shouldn't bind.
Like others have mentioned, it's probably a better idea to inject the dependency in the constructor.
But if you really must avoid binding an action parameter, there isn't a built-in attribute but you can create one pretty easily. Here's what it could look like:
public class DontBindAttribute : ParameterBindingAttribute
{
public override HttpParameterBinding GetBinding(HttpParameterDescriptor parameter)
{
return new DontBindParameterBinding(parameter);
}
private class DontBindParameterBinding : HttpParameterBinding
{
public DontBindParameterBinding(HttpParameterDescriptor parameter) : base(parameter)
{
}
public override Task ExecuteBindingAsync(ModelMetadataProvider metadataProvider, HttpActionContext actionContext, CancellationToken cancellationToken)
{
actionContext.ActionArguments.Add(Descriptor.ParameterName, Descriptor.DefaultValue);
var completedTaskSource = new TaskCompletionSource<object>();
completedTaskSource.SetResult(null);
return completedTaskSource.Task;
}
}
}
You just need to apply the attribute to the parameter afterwards:
public IEnumerable<Items> GetSlideSets([DontBind] IServiceClass serviceClass = null)
I am using the UserData Property of the FormsAuthenticationTicket to store some userspecific information. I have a HelperClass which deserializes this UserData into a custom Object for strongly-typed access. I have my controller setup as follows
public class SomeController : Controller
{
private CookieData _cookieData;
public SomeController()
{
_service = new ForderungsStellerService(new ModelStateWrapper(this.ModelState));
HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
_cookieData= GetSessionData.FromCookie(ticket);
}
}
The problem seems to be, that Request is null at controller construction time. When accessing Request.Cookies from an ActionMethod, this snippet is working.
I would like to have the _cookieData object be filled within the constructor for DRY reasons.
Does anyone has a hint on that problem?
best regards...
I would create a ModelBinder that understands CookieData and how to get it out of the Request object. I fear the unit-test creation code necessary to make the constructor happy. If you take it as a parameter to the controller with a Model Binder you can avoid that test overhead.
public class SomeController : Controller
{
// only need to pass in the data object for unit testing.
// ModelBinder takes care of DRY
public ActionResult Index(CookieData cookieData)
{
}
}
The answer to why it doesn't work in the constructor is that the Controller hasn't been initialized with the ControllerContext at that point.
public HttpContextBase HttpContext {
get {
return ControllerContext == null
? null
: ControllerContext.HttpContext;
}
}
If you really want to do it in the constructor (don't) then use HttpContext.Request instead of the wrapper. But by doing so you will have made your code untestable and your alignment will drop by 3 points.
Override Controller.Initialize():
protected override void Initialize(RequestContext requestContext) {
base.Initialize(requestContext);
// do further initialization here
}
Properties like Request, etc. will be available to you after the call to base.Initialize().
Its good to be DRY but in case of ASP.NET MVC it most often means using a custom filter attribute or like talljoe showed a Model Binder.
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpCookie cookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
filterContext.ActionParameters["CookieData"] = GetSessionData.FromCookie(ticket);
base.OnActionExecuting(filterContext);
}