I'm authenticating HTTP requests in middleware by querying data in the database, and to do so I need to configure the ApplicationDbContext with the data in HTTP request. How can I reach HTTP request from ApplicationDbContext.OnConfiguring ? (ASP .NET core / Entity framework core)
Middleware
public class TeamAuthentication
{
public async Task Invoke(HttpContext context, ApplicationDbContext db)
{
My.CheckToken(db);
// ...
DbContext
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
private ILoggerFactory loggerFactory;
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options, ILoggerFactory _loggerFactory)
: base(options)
{
loggerFactory = _loggerFactory;
}
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
// how to reach HttpContext here ?
// ...
As you have already found, EF supports using DbContext with a dependency injection container. Inject IHttpContextAccessor in your dependencies and use it to obtain the current HttpContext:
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
private readonly ILoggerFactory _loggerFactory;
private readonly IHttpContextAccessor _contextAccessor;
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options, ILoggerFactory loggerFactory, IHttpContextAccessor contextAccessor)
: base(options)
{
_loggerFactory = loggerFactory;
_contextAccessor = contextAccessor;
}
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
// use _contextAccessor.HttpContext here
...
}
And do not forget to register IHttpContextAccessor to DI in ConfigureServices as "The IHttpContextAccessor service is not registered by default"
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton<Microsoft.AspNetCore.Http.IHttpContextAccessor, Microsoft.AspNetCore.Http.HttpContextAccessor>();
...
}
Related
i have used IwebHostEnvironment in my code but i have a question ..
IWebHostEnvironment is an interface used to provide info about hosting & can get data about path from it
why i take an instance from it and inject it like i was inject a _db without register it in
ConfigureServices method like i register Db context?!
public class ProductController : Controller
{
private readonly App_DbContext _db;
private readonly IWebHostEnvironment _webHostEnvironment;
public ProductController(App_DbContext db,IWebHostEnvironment webHostEnvironment)
{
_db = db;
_webHostEnvironment = webHostEnvironment;
}
public IActionResult Index()
{
IEnumerable<Product> products= _db.Product;
return View(products);
}
this is configure services Method
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<App_DbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddControllersWithViews();
}
Agree with #Nkosi, you can refer to this section, IWebHostEnvironment is one of the framework-registered services.
is there a way to access HttpContext.session in a class library? (im using .Net Core 5)
I have the configuration all set up and also using microsoft.AspNetCore.Http but im still unable to access the session variables.
If there is no way to do that whats the best way to perform actions that require the current User's ID/Identification?
As #King King answered, you could inject the IHttpContextAccessor into the class.
Step 1 Add Session service
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddSession();
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
app.UseAuthorization();
app.UseSession();
app.UseEndpoints(endpoints =>
...
}
Step 2 Access Session in custom class
public class SessionTest
{
private readonly IHttpContextAccessor _httpContextAccessor;
private ISession _session => _httpContextAccessor.HttpContext.Session;
public SessionTest(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;
}
public void setSession()
{
_session.SetString("Test", "Hello World!");
}
public void getSession()
{
var message = _session.GetString("Test");
...
}
}
Step 3 access session via custom class
public class HomeController : Controller
{
private readonly ILogger<HomeController> _logger;
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly ISession _session;
public HomeController(IHttpContextAccessor httpContextAccessor,ILogger<HomeController> logger)
{
_logger = logger;
_httpContextAccessor = httpContextAccessor;
_session = _httpContextAccessor.HttpContext.Session;
}
public IActionResult Index()
{
SessionTest session = new SessionTest(_httpContextAccessor);
session.setSession();
session.getSession();
return View();
}
}
This question already has answers here:
How to do DI in asp.net core middleware?
(2 answers)
Closed 2 years ago.
I have created an API Logging middleware to log request to DB and to Azure Microsoft insight however for some reason the Dependency Injection for the Database context is not found (gives cannot resolve scoped service from root provider).
API Logging MiddleWare
public class APILoggingMiddleware
{
private readonly TelemetryClient _telemetry;
private readonly ILogger _logger;
private readonly RequestDelegate _next;
private APIsAuditContext db;
public static IConfiguration _configuration;
public APILoggingMiddleware(RequestDelegate next, ILoggerFactory loggerFactory, TelemetryClient telemetry, IConfiguration configuration, APIsAuditContext dbContext)
{
_configuration = configuration;
_telemetry = telemetry;
_next = next;
_logger = loggerFactory.CreateLogger<APILoggingMiddleware>();
db = dbContext;
}
//static class to simplify adding the middleware to the application’s pipeline
public async Task Invoke(HttpContext context)
{
try
{
await _next(context);
}
finally
{
Task logReq = logRequest(context);
Task lodRes = logResponse(context);
}
}
}
DB Context
public class APIsAuditContext : DbContext
{
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
if (!optionsBuilder.IsConfigured)
{
}
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
}
public APIsAuditContext(DbContextOptions<APIsAuditContext> options) : base(options) { }
public DbSet<APIsRequestsAudit> APIsRequestsAudits { get; set; }
}
Startup
public class Startup
{
public IConfiguration _configuration { get; }
public Startup(IConfiguration configuration)
{
_configuration = configuration;
}
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<APIsAuditContext>(options => options.UseSqlServer(_configuration["ConnectionStrings:APIAuditConnection"]));
services.AddApplicationInsightsTelemetry();
services.AddControllers();
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
//Pipeline to API Logging
app.UseRequestResponseLogging();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
Can someone help please?
As per https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/write?view=aspnetcore-3.1#per-request-middleware-dependencies, you must inject scoped service in the Invoke method:
public class CustomMiddleware
{
private readonly RequestDelegate _next;
public CustomMiddleware(RequestDelegate next)
{
_next = next;
}
// IMyScopedService is injected into Invoke
public async Task Invoke(HttpContext httpContext, IMyScopedService svc)
{
svc.MyProperty = 1000;
await _next(httpContext);
}
}
In ASP.NET Core I have a service that is registered in DI as scoped. Can I access the HTTP context in that service without using IHttpContextAccessor and the overhead it has?
You'd have to add a scoped service to the container, then you'd have to add a middleware that resolved that service and set the current http context on it.
public class ScopedHttpContext
{
public HttpContext HttpContext { get; set; }
}
public void ConfigureServices(IServiceCollection services)
{
services.AddScoped<ScopedHttpContext>();
}
public void Configure(IApplicationBuilder app)
{
app.UseMiddleware<ScopedHttpContextMiddleware>();
}
public class ScopedHttpContextMiddleware
{
private readonly RequestDelegate _next;
public ScopedHttpContextMiddleware(RequestDelegate next)
{
_next = next;
}
public Task InvokeAsync(HttpContext context, ScopedHttpContext scopedContext)
{
scopedContext.HttpContext = context;
return _next(context);
}
}
I want to validate AntiForgery token in ASP.NET Core application. I know i can individually do that by adding [AutoValidateAntiforgeryToken] or [ValidateAntiforgeryToken] attributes on Action methods as suggested in SO post here
I'm looking for global approach to validate token for all POST methods. So i created a middleware to do so. However i could not find suitable method to validate the token. Like in classic asp.net there is AntiForgery.Validate().
What's the equivalent method in ASP.NET Core
public class ValidateAntiForgeryTokenMiddleware
{
private readonly RequestDelegate _next;
public ValidateAntiForgeryTokenMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext httpContext)
{
if (httpContext.Request.Method.ToUpper() == "POST")
{
// where does this mehod exists?
// i could not find it in Microsoft.AspNetCore.Antiforgery namespace
AntiForgery.Validate();
}
await _next(httpContext);
}
}
public static class ValidateAntiForgeryTokenMiddlewareExtensions
{
public static IApplicationBuilder UseValidateAntiForgeryToken(this IApplicationBuilder builder)
{
return builder.UseMiddleware<ValidateAntiForgeryTokenMiddleware>();
}
}
I have to Inject Antiforgery as service
public class ValidateAntiForgeryTokenMiddleware
{
private readonly RequestDelegate _next;
private readonly IAntiforgery _antiforgery;
public ValidateAntiForgeryTokenMiddleware(RequestDelegate next, IAntiforgery antiforgery)
{
_next = next;
_antiforgery = antiforgery;
}
public async Task Invoke(HttpContext httpContext)
{
if (httpContext.Request.Method.ToUpper() == "POST")
{
await _antiforgery.ValidateRequestAsync(httpContext);
}
await _next(httpContext);
}
}
add Antiforgery as service in startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddAntiforgery();
}
Use my middlware
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IApplicationLifetime appLifetime)
{
app.UseValidateAntiForgeryToken();
}