New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add HttpContext ot ITicketStore methods (CookieAuthenticationHandler) #41908
Comments
As you outlined, there are already several different ways to do this. Why are those not sufficient? It's not clear why you need the HttpContext just to get services when you have other ways to get them. |
@Tratcher Because I lose request scope when inject factory, or I have a deal with IHttpContextAccessor and underlying AsyncLocal (lower performance). |
I can make a PR if this change is acceptable. |
Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:
|
Another option if we decide to do something like this might be adding an |
@halter73 AuthenticationTicket, from my point of view, is a complex DTO that contains schema-independent authentication information, and ITicketStore is a service that runs inside a CookieHandler. In other words, it is a storage abstraction that operates inside the request context. |
API Review Notes:
Approved! namespace Microsoft.AspNetCore.Authentication.Cookies;
public interface ITicketStore
{
Task<string> StoreAsync(AuthenticationTicket ticket);
Task<string> StoreAsync(AuthenticationTicket ticket, CancellationToken cancellationToken) => StoreAsync(ticket);
+ Task<string> StoreAsync(AuthenticationTicket ticket, HttpContext httpContext, CancellationToken cancellationToken) => StoreAsync(ticket, cancellationToken);
Task RenewAsync(string key, AuthenticationTicket ticket);
Task RenewAsync(string key, AuthenticationTicket ticket, CancellationToken cancellationToken) => RenewAsync(key, ticket);
+ Task RenewAsync(string key, AuthenticationTicket ticket, HttpContext httpContext, CancellationToken cancellationToken) => RenewAsync(key, ticket, cancellationToken);
Task<AuthenticationTicket?> RetrieveAsync(string key);
Task<AuthenticationTicket?> RetrieveAsync(string key, CancellationToken cancellationToken) => RetrieveAsync(key);
+ Task<AuthenticationTicket?> RetrieveAsync(string key, HttpContext httpContext, CancellationToken cancellationToken) => RetrieveAsync(key, cancellationToken);
Task RemoveAsync(string key);
Task RemoveAsync(string key, CancellationToken cancellationToken) => RemoveAsync(key);
+ Task RemoveAsync(string key, HttpContext httpContext, CancellationToken cancellationToken) => RemoveAsync(key, cancellationToken);
} |
We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process. |
Please feel free to submit a PR if you want to implement the API as approved above. Thanks for the suggestion! I put it in the backlog because I don't think we're going to spend the time to do this ourselves, but if you submit a PR, we can likely get the change in for .NET 7. |
Background and Motivation
Current ITicketStore interface didn’t have any methods that provides access to HttpContext
Proposed API
Usage Examples
It will improves developer experience in scenarios when storage is implemented by the scoped service (EF DbContext for example, and comment in another ITicketStore issue).
Alternative Designs
If I try to use any scoped service in my ITicketStore implementation, then I have two options:
Risks
There is no risks. ITicketStore already have methods, that accepts cancellation tokens, and default interface implementation is just calls an overload without cancellation tokens. Methods that accepts HttpContext can be safely added in a same way. That will help to avoid any breaking changes.
The only place when the ITicketStore is called is CookieAuthenticationHandler, and all callers has access to HttpContext and can pass it to ITicketStore.
The text was updated successfully, but these errors were encountered: