Add HttpContext ot ITicketStore methods (CookieAuthenticationHandler) #41908
Comments
vanbukin
added
the
api-suggestion
|
As you outlined, there are already several different ways to do this. Why are those not sufficient? It's not clear why you need the HttpContext just to get services when you have other ways to get them. |
|
@Tratcher Because I lose request scope when inject factory, or I have a deal with IHttpContextAccessor and underlying AsyncLocal (lower performance). |
|
I can make a PR if this change is acceptable. |
Tratcher
added
the
api-ready-for-review
|
Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:
|
halter73
removed
the
api-suggestion
|
Another option if we decide to do something like this might be adding an |
|
@halter73 AuthenticationTicket, from my point of view, is a complex DTO that contains schema-independent authentication information, and ITicketStore is a service that runs inside a CookieHandler. In other words, it is a storage abstraction that operates inside the request context. |
|
API Review Notes:
Approved! namespace Microsoft.AspNetCore.Authentication.Cookies;
public interface ITicketStore
{
Task<string> StoreAsync(AuthenticationTicket ticket);
Task<string> StoreAsync(AuthenticationTicket ticket, CancellationToken cancellationToken) => StoreAsync(ticket);
+ Task<string> StoreAsync(AuthenticationTicket ticket, HttpContext httpContext, CancellationToken cancellationToken) => StoreAsync(ticket, cancellationToken);
Task RenewAsync(string key, AuthenticationTicket ticket);
Task RenewAsync(string key, AuthenticationTicket ticket, CancellationToken cancellationToken) => RenewAsync(key, ticket);
+ Task RenewAsync(string key, AuthenticationTicket ticket, HttpContext httpContext, CancellationToken cancellationToken) => RenewAsync(key, ticket, cancellationToken);
Task<AuthenticationTicket?> RetrieveAsync(string key);
Task<AuthenticationTicket?> RetrieveAsync(string key, CancellationToken cancellationToken) => RetrieveAsync(key);
+ Task<AuthenticationTicket?> RetrieveAsync(string key, HttpContext httpContext, CancellationToken cancellationToken) => RetrieveAsync(key, cancellationToken);
Task RemoveAsync(string key);
Task RemoveAsync(string key, CancellationToken cancellationToken) => RemoveAsync(key);
+ Task RemoveAsync(string key, HttpContext httpContext, CancellationToken cancellationToken) => RemoveAsync(key, cancellationToken);
} |
halter73
added
api-approved
|
We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process. |
Please feel free to submit a PR if you want to implement the API as approved above. Thanks for the suggestion! I put it in the backlog because I don't think we're going to spend the time to do this ourselves, but if you submit a PR, we can likely get the change in for .NET 7. |
Background and Motivation
Current ITicketStore interface didn’t have any methods that provides access to HttpContext
Proposed API
namespace Microsoft.AspNetCore.Authentication.Cookies; public interface ITicketStore { Task<string> StoreAsync(AuthenticationTicket ticket); Task<string> StoreAsync(AuthenticationTicket ticket, CancellationToken cancellationToken) => StoreAsync(ticket); + Task<string> StoreAsync(HttpContext httpContext, AuthenticationTicket ticket, CancellationToken cancellationToken) => StoreAsync(ticket, cancellationToken); Task RenewAsync(string key, AuthenticationTicket ticket); Task RenewAsync(string key, AuthenticationTicket ticket, CancellationToken cancellationToken) => RenewAsync(key, ticket); + Task RenewAsync(HttpContext httpContext, string key, AuthenticationTicket ticket, CancellationToken cancellationToken) => RenewAsync(key, ticket, cancellationToken); Task<AuthenticationTicket?> RetrieveAsync(string key); Task<AuthenticationTicket?> RetrieveAsync(string key, CancellationToken cancellationToken) => RetrieveAsync(key); + Task<AuthenticationTicket?> RetrieveAsync(HttpContext httpContext, string key, CancellationToken cancellationToken) => RetrieveAsync(key, cancellationToken); Task RemoveAsync(string key); Task RemoveAsync(string key, CancellationToken cancellationToken) => RemoveAsync(key); + Task RemoveAsync(HttpContext httpContext, string key, CancellationToken cancellationToken) => RemoveAsync(key, cancellationToken); }Usage Examples
It will improves developer experience in scenarios when storage is implemented by the scoped service (EF DbContext for example, and comment in another ITicketStore issue).
Alternative Designs
If I try to use any scoped service in my ITicketStore implementation, then I have two options:
Risks
There is no risks. ITicketStore already have methods, that accepts cancellation tokens, and default interface implementation is just calls an overload without cancellation tokens. Methods that accepts HttpContext can be safely added in a same way. That will help to avoid any breaking changes.
The only place when the ITicketStore is called is CookieAuthenticationHandler, and all callers has access to HttpContext and can pass it to ITicketStore.
The text was updated successfully, but these errors were encountered: