Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue getting user identity in OnAuthorizedAsync's eventContext #140

Closed
cdmoss opened this issue Jun 21, 2021 · 3 comments
Closed

Issue getting user identity in OnAuthorizedAsync's eventContext #140

cdmoss opened this issue Jun 21, 2021 · 3 comments

Comments

@cdmoss
Copy link

cdmoss commented Jun 21, 2021
edited
Loading

Hi. In my razor pages application that uses built in Identity authentication, I'm finding that I'm unable to check the identity of the current user in the eventContext for OnAuthorizedAsync. Here is the relevant configuration

OnAuthorizeAsync = async eventContext => {
                        var test = eventContext.HttpContext.User.Identity;

                        if (!eventContext.HttpContext.User.Identity.IsAuthenticated)
                        {
                            eventContext.FailRequest(System.Net.HttpStatusCode.Unauthorized);
                            return;
                        }
                        if (!eventContext.HttpContext.User.IsInRole("Developer"))
                        {
                            eventContext.FailRequest(System.Net.HttpStatusCode.Forbidden, "Only developers can upload.");
                            return;
                        }
                    }

The HttpContext seems to contain the identity of the logged in user in other xhr requests, as long as that HttpContext is accessed through the PageModel. I've inspected and compared such non-tus xhr requests to the tus xhr requests, and as far as I can tell they look exactly the same where it is relevant: same cookies, headers, both contain the request verification token. So I'm struggling to understand why HttpContext in the useTus configuration doesn't contain user Identity. Thanks in advance for clearing this up for me.
@smatsson
Copy link
Collaborator

Hi,

Without seeing the rest of your authentication setup I think this is similar to this issue here: #137 (comment)

Have you configured a default authentication schema? If not, you should be able to challenge the request (and thus get the User identity) using AuthenticationHttpContextExtensions.ChallengeAsync .

Please let me know if any of this solved the issue. In a future version tusdotnet will integrate with endpoint routing making all of this easier.

@cdmoss
Copy link
Author

cdmoss commented Jun 23, 2021

ChallengeAsync didn't seem to work for me, though I could have been misusing it somehow.
I ended up using AuthenticationHttpContextExtensions.AuthenticateAsync, which returns an AuthenticationResult that includes the authenticated user claims. Thanks for pointing me in the right direction, and looking forward to the new improvements. The tus protocol is really exciting!

@cdmoss cdmoss closed this as completed Jun 23, 2021
@smatsson
Copy link
Collaborator

Oops I linked you the wrong method. Sorry about that! Glad you solved it :) I'l update the docs to make this clearer.

smatsson added a commit to tusdotnet/tusdotnet.wikisource that referenced this issue Jun 29, 2021
@smatsson
Clarify how to authenticate using non-default scheme (ref tusdotnet/t…
13c41f6 
…usdotnet#140)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smatsson @cdmoss