Aspnetcore: Server-side Blazor: HttpContext is null when new component is created

Created on 26 Jul 2019  路  11Comments  路  Source: dotnet/aspnetcore

I've got a server-side Blazor / IdentityServer4 / API setup. With every request to the API I've got to send the access token that I got from the identity server. I get the access token from the HttpContext when my HttpClient gets created in Startup.cs:

            services.AddHttpClient<IMyClient, MyClient>(client =>
            {
                var serviceProvider = services.BuildServiceProvider();
                var httpContextAccessor = serviceProvider.GetService<IHttpContextAccessor>();

                var task = httpContextAccessor.HttpContext.GetTokenAsync("access_token");
                task.Wait();
                var accessToken = task.Result;

                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

                client.BaseAddress = new Uri(Configuration.GetMyApiServerUrl());
            });

Every component, that has to make calls to the API, injects MyClient. If such a component is created, the AddHttpClient function is called and the access token is set for future calls to the API.

This works well on my local machine but on the server, only the first call after page load works. After that, if a new component gets created that injects MyClient, the HttpContext is null inside the AddHttpClient function.

Any idea on how to solve this?

Docs area-blazor area-httpclientfactory
Source
picture rysep2
👍3

Most helpful comment

This still is an issue, I can believe there is no official support for this yet since Authentication/Authorization should be considered a priority.

picture mihaimyh on 27 Dec 2019
👍3

All 11 comments

You shouldn't be using HttpContextAccessor in Blazor server-side applications. I think the whole approach you are taking here is problematic, as there is no HttpContext available in SignalR applications in most cases.

A doable approach would be to include the access_token as a claim inside the authenticated user as that is something that will be available to the app in all contexts and then make your handler use IAuthenticationStateProvider to resolve the current authentication state.

@SteveSandersonMS Is this doable?
@rynowak for suggestions about HttpClientFactory

javiercn picture javiercn on 28 Aug 2019

@javiercn Yes, that sounds reasonable to me.

SteveSandersonMS picture SteveSandersonMS on 29 Aug 2019

Closing as there's no action to be taken here.

javiercn picture javiercn on 29 Aug 2019

The Identity Server puts the access token in the HTTP Header. As far as I know I can't change that. So I guess there is no other way for me than to get the access token out of the HttpContext on the first call. Then I can include it as a claim inside the authenticated user. Is that correct?

rysep2 picture rysep2 on 9 Sep 2019

@rysep2 Yes. That should work.

javiercn picture javiercn on 9 Sep 2019

I'm trying to get the user agent string in a server side app and running into the same issue. If not the HttpContextAccessor, what's the proper way to get info about the request in server side?

jdaless picture jdaless on 30 Oct 2019

Hi @jdaless.

It looks like you are posting on a closed issue!

We're very likely to lose track of your bug/feedback/question unless you:

  1. Open a new issue
  2. Explain very clearly what you need help with
  3. If you think you have found a bug, include detailed repro steps so that we can investigate the problem
javiercn picture javiercn on 30 Oct 2019

A doable approach would be to include the access_token as a claim inside the authenticated user as that is something that will be available to the app in all contexts and then make your handler use IAuthenticationStateProvider to resolve the current authentication state.

I changed my code accordingly but when I try to access the AuthenticationStateProvider in my HttpMessageHandler I get the following error message "System.InvalidOperationException: GetAuthenticationStateAsync was called before SetAuthenticationState.". This happens after the log in process, the AuthenticationState should already be set. Or am I wrong?

Startup.cs:

    services.AddTransient<MyHttpMessageHandler>();

    services.AddHttpClient<IMyClient, MyClient>(client =>
    {        
        client.BaseAddress = new Uri(Configuration.GetMyApiServerUrl());
    }).AddHttpMessageHandler<MyHttpMessageHandler>();

MyHttpMessageHandler.cs:

    public class MyHttpMessageHandler : DelegatingHandler
    {
        private readonly AuthenticationStateProvider _authenticationStateProvider;

        public MyHttpMessageHandler(AuthenticationStateProvider authenticationStateProvider)
        {
            _authenticationStateProvider = authenticationStateProvider;
        }

        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var authState = await _authenticationStateProvider.GetAuthenticationStateAsync();

            return await base.SendAsync(request, cancellationToken);
        }
    }
rysep2 picture rysep2 on 19 Nov 2019

Is it possible to reopen this thread or do I have to create a new issue for this problem to get recognized?

rysep2 picture rysep2 on 28 Nov 2019

This still is an issue, I can believe there is no official support for this yet since Authentication/Authorization should be considered a priority.

mihaimyh picture mihaimyh on 27 Dec 2019
👍3

@javiercn looks like this hasn't been resolved as yet - https://github.com/aspnet/AspNetCore/issues/18066. Can you help?

pranavkm picture pranavkm on 30 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

radenkozec picture radenkozec  路  114Comments
reduckted picture reduckted  路  91Comments
davidfowl picture davidfowl  路  126Comments
Rast1234 picture Rast1234  路  104Comments
kevinchalet picture kevinchalet  路  761Comments