This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 69%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
I have a .NET6 Blazor wasm application that uses IdentityServer4 for authentication. I want to create a login event in database whenever a user logs in. To do that, I am using the IdentityServer
ClientAuthenticationSuccess
event as follows. The issue is that
user
is always null that I am getting from
HttpContextAccessor
:
public class CustomEventSink : IEventSink
{
private readonly ApplicationDbContext _context;
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly UserManager<ApplicationUser> _userManager;
public CustomEventSink(ApplicationDbContext context, UserManager<ApplicationUser> user, IHttpContextAccessor contextAccessor)
{
_context = context;
_httpContextAccessor = contextAccessor;
_userManager = user;
}
public async Task PersistAsync(Event evt)
{
//log event here....
EventLog el = new();
if (@evt.Id.Equals(EventIds.ClientAuthenticationSuccess))
{
try
{
var user = await _userManager.GetUserAsync(_httpContextAccessor.HttpContext.User);
if (user != null)
{
// do stuff
el.EventName = "Login";
el.EventDescription = $"{evt.Name} ({evt.Id}), Details:{evt}";
el.Created = DateTime.Now;
el.UserName = user.UserName;
_context.EventLog.Add(el);
_context.SaveChanges();
}
}
catch (Exception ex)
{
// handle exception
}
}
if (@evt.Id.Equals(EventIds.ClientAuthenticationFailure))
{
try
{
// do stuff
el.EventName = "Login Failure";
el.EventDescription = $"{evt.Name} ({evt.Id}), Details:{evt}";
el.Created = DateTime.Now;
_context.EventLog.Add(el);
_context.SaveChanges();
}
catch (Exception ex)
{
// handle exception
}
}
}
}
The problem is that
user
is always null.
Startup.cs:
namespace P.Server
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
//services.AddDbContext<ApplicationDbContext>(options =>
// options.UseSqlServer(
// Configuration.GetConnectionString("DefaultConnection")));
services.AddDatabaseDeveloperPageExceptionFilter();
services.AddSyncfusionBlazor();
services.AddDbContext<ApplicationDbContext>(options =>
options.UseMySql(Configuration.GetConnectionString("DefaultConnection"), new MySqlServerVersion(new Version(8, 0, 26))));
services.AddOptions();
services.AddControllers();
services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer(options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
})
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>(options =>
{
options.IdentityResources["openid"].UserClaims.Add("role");
options.ApiResources.Single().UserClaims.Add("role");
});
services.AddAuthentication()
.AddIdentityServerJwt();
services.AddAuthorization();
services.AddHttpContextAccessor();
services.AddSession();
//services.AddSingleton<IUserIdProvider, NameUserIdProvider>(); //this is for signalr
services.AddControllersWithViews();
services.AddRazorPages();
services.AddResponseCompression(opts =>
{
opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(
new[] { "application/octet-stream" });
});
services.Configure<IdentityOptions>(options =>
{
// Password settings
options.Password.RequireDigit = false;
options.Password.RequiredLength = 4;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
});
services.AddServerSideBlazor();
services.AddResponseCompression(opts =>
{
opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(
new[] { "application/octet-stream" });
});
services.AddMvc().AddMvcOptions(options =>
{
options.EnableEndpointRouting = false;
});
services.AddMvcCore(options => options.OutputFormatters.Add(new XmlSerializerOutputFormatter()));
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
services.AddMvc().AddXmlDataContractSerializerFormatters();
services.AddSignalR();
services.AddTransient<IEventSink, CustomEventSink>();
//services.AddCors(options =>
//{
// options.AddPolicy("EnableCORS", builder =>
// {
// builder.AllowAnyOrigin().AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials().Build();
// });
//});
//services.AddMvc(option => option.EnableEndpointRouting = false).SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IServiceProvider serviceProvider)
{
app.UseResponseCompression();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseMigrationsEndPoint();
app.UseWebAssemblyDebugging();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();
app.UseStaticFiles();
app.UseRouting();
app.UseSession();
app.UseIdentityServer();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
endpoints.MapControllers();
endpoints.MapHub<Broadcaster>("/broadcaster");
endpoints.MapHub<LoginCountHub>("/LoginCountHub");
endpoints.MapFallbackToFile("index.html");
});
CreateRoles(serviceProvider).Wait();
}
...
}
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @Amjad Khan ,
_httpContextAccessor.HttpContext.User
Try to set a break point to check the HttpContext.User, whether it contains the user information.
Besides, you could also get the user id or username from HttpContext.User, then use the UserManager FindByIdAsync(String) Method or UserManager FindByNameAsync(String) Method to get the current user.
Best regards,
Dillion
Yes, that is what I am doing. In order to access HttpContext, I have injected IHttpContextAccessor. And it return User as null.
Before triggering the CustomEventSink, try to use the F12 developer tools to check whether the request header has the cookie or not?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
In identity server User is set at the start of authentication. It will null if user is not authenticated at the start of the request. The user will not be set until the user makes another request to the login server, which typically would happen on a refresh token request.
I believe you can get the name passed to event if you use identity server events.
I guess I am using IdentityServer event ClientAuthenticationSuccess. I am just at a loss why is login/logout logging such a pain.