c# - How to inject the current user for a request in to a controller / service? -


in webapi based application have ninject binding injecting current user in things ...

bind<user>().tomethod((context) => {     user result = new user { username = "guest" };      if (httpcontext.current.user.identity.isauthenticated)     {         var service = kernel.get<iuserservice>();         var user = service.getall().firstordefault(u => u.username == httpcontext.current.user.identity.name);         return user;     }      return result; });

pretty straightforward right?

i have webapi controller has service class injected ctor, in turn has current user injected in it, stack looks ...

class somethingcontroller : apicontroller {      public somethingcontroller(isomethingservice service) { ... } }  class somethingservice : isomethingservice {      public somethingservice(user user) { ... } }

frustratingly odd reason when inject current user in service constructor user not authenticated yet.

it appears stack being constructed before authentication provider (aspnet identity) has done work , confirmed user is.

later when actual service call made controller user authenticated , user object have been given guest not actual user made call.

my understanding controller not constructed until authentication , determining request / user details done.

how can ensure current, authenticated user passed business services correctly every time (only after authentication has taken place)?

edit:

i think found problem: dotnetcurry.com/aspnet/888/aspnet-webapi-message-lifecycle looks controller , dependencies created before auth logic run. guess question becomes ... can force authorisefilter run , confirm users identity before controller constructed.

this changes question become:

how ensure authentication occurs before controller , dependencies constructed?

edit 2: answer - not ideal answer ...

can more rep unlock question please, not duplicate of other question, op asking basica usage of ninject asking webapi lifecycle , how session related context prior session being known current request.

ok don't answer solution.

if else has better 1 love hear ...

if update service constructor ...

class somethingservice : isomethingservice {      public somethingservice(ikernel kernel) { ... } }

... , drop kernel in local field, when come run service code ...

  public void foo() {       var user = kernel.get<user>();   }

... means ...

i user @ point of request lifecycle authentication , authorisation has taken place, , stack correctly constructed.

now if ask user, when rule runs httpcontext correctly showing right user details.

it works ...

this di antipattern type behaviour, don't , prefer find solution meant authenticate user there , if hadn't happened yet mean replicating code webapi stack has (that mean easier though) , take place anyway resulting in authentication process happening twice.

in absence of such solution ... "semi" reasonable workaround.

it's been while later found out answer this.

the problem whilst had auth info in form of auth token provided header value, trying construct information user , may not have needed during request.

i wanted ensure business services sat behind controller handling request given current user when in fact needed auth information auth info used determine , make security related decisions (such getting user if appropriate).

in end took creating ioc binding examine owin context , ask auth information, auth information inject in controller / service needed.

from there @ least had contextual information needed make key decisions.


Comments

Post a Comment

Popular posts from this blog

1111. appearing after print sequence - php -

morning, i have code takes string of shoe sizes, explodes , puts in table. code works , info displayed correctly on page after table there few 1's after table. i'm confused this. so table looks (in columns of 3 on webpage) available in following sizes: 3 4 5 6 9 10 111 here's codes, purpose of example $x = 3|4|6|10|9 function get_sizes_pipe($x) { $counter = 0; $splits = explode("|",$x); asort($splits); $x = print "<table class='greentable'>"; $x .= print "<thead><tr><th scope='col' colspan='3' abbr='starter'>available in following sizes:</th></tr></thead><tbody><tr>"; foreach ($splits $split) { $entry = print "<td>".$split."</td>"; if($counter == 2){ $entry .= print "</tr><tr>"; $counter =0; } else { $counter++; ...
Read more

java - WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/board/] in DispatcherServlet with name 'appServlet' -

this question has answer here: why spring mvc respond 404 , report “no mapping found http request uri […] in dispatcherservlet”? 3 answers i trying making simple bbs i'm encountering following error, warn : org.springframework.web.servlet.pagenotfound - no mapping found http request uri [/board/] in dispatcherservlet name 'appservlet' i have tried solve error many times, have failed. how can solve error? here web.xml, controllerand , servlet-context. my web.xml <?xml version="1.0" encoding="utf-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <filter> <filter-nam...
Read more

Ruby on Rails, ActiveRecord, Postgres, UTF-8 and ASCII-8BIT encodings -

weirdest error, who’s challenge try , me? spent hours yesterday on , it’s magic. can't believe happening , it's driving me crazy. btw, using: rails 4.2.3 ruby 2.2.3 pg 0.18 encoding.default_internal = encoding.default_external = utf-8 config.encoding = 'utf-8' it has postgres, activerecord , encodings! turns out we’ve been getting these errors whenever create new users on database special characters: encoding::undefinedconversionerror: "\xc3" ascii-8bit utf-8 \xc3 may vary depending on characters. weird part we’ve set since beginning utf-8. makes no sense , digged it, , used script: user.all.each |user| user.attributes.each |name, value| if value.is_a? string puts user.email + name.encoding.to_s + value.encoding.to_s end end end and output of 1 of users, users same: dr_lottahelp@blahblah.comutf-8utf-8 dr_lottahelp@blahblah.comutf-8ascii-8bit dr_lottahelp@blahblah.comutf-8ascii-8bit dr_lottahelp@blahblah.comutf-8asci...
Read more