Get the current user, within an ApiController action, without passing the userID as a parameter

Question

How do we get the current user, within an secure ApiController action, without passing the userName or userId as a parameter?

We assume that this is available, because we are within a secure action. Being in a secure action means that the user has already authenticated and the request has her bearer token. Given that WebApi has authorized the user, there may be a built in way to access the userId, without having to pass it as an action parameter.

Please, see this Answer: http://stackoverflow.com/a/26453782/3290276 Add the claim did the trick — Gabriela Macias, Nov 21 '15 at 19:44

score 159 · Accepted Answer · answered Feb 07 '14 at 02:17

159

In WebApi 2 you can use RequestContext.Principal from within a method on ApiController

answered Feb 07 '14 at 02:17

Darrel Miller

139,164
32
194
243

1

We don't have that property, it seems. Hmm. Maybe we are using an old version of WebApi. – Shaun Luttin Feb 07 '14 at 03:11
2

@ShaunLuttin Ok, so if you are using Web API 1 then you I believe there is a Prinicpal property on ApiController. This is just a fancy wrapper around accessing the Request.Properties collection. The principal object is stored in that dictionary. – Darrel Miller Feb 07 '14 at 03:25
Thank God for this answer. Been spending the last 2 hours trying to find where the new identity property was for the context. – Xipooo Jan 05 '16 at 18:44
6

Just don't forget `using Microsoft.AspNet.Identity;` – Overlord Nov 24 '16 at 08:06
@Overlord Or any other piece of middleware that sets the appropriate value in the request.Properties dictionary. – Darrel Miller Nov 24 '16 at 14:11
which current user would it be? the user under which the Web API services are running? – user1451111 Dec 14 '17 at 07:38
1

@DarrelMiller is there a way to get the same (say request context) from other parts of the code (not within controller). – Nameless Aug 28 '18 at 06:53
2

@AjayAradhya Only if you pass it there. Previous efforts on web frameworks have shown that using static properties to access request context causes all kinds of architectural problems. It's convenient at first but it causes soooooo much pain long term. – Darrel Miller Aug 28 '18 at 13:44
Hey thanks a lot! I was wondering all over the web trying to find a static ancestor for web api calls. You saved my day. Will pass it as parameter wherever required :) – Nameless Aug 29 '18 at 06:35
If you are not able to find the property then its possible that you are using the static Class RequestContext, the RequestContext.Principal property is on the filterContext parameter when you override the AuthorizeAttribute. e.g.; filterContext.RequestContext.Principal – user1131926 Oct 03 '19 at 11:12

score 42 · Answer 2 · answered Nov 11 '14 at 14:19

42

You can also access the principal using the User property on ApiController.

So the following two statements are basically the same:

string id;
id = User.Identity.GetUserId();
id = RequestContext.Principal.Identity.GetUserId();

answered Nov 11 '14 at 14:19

Patrick

17,669
6
70
85

15

I am trying to use what you've written here but the GetUserId() function always returns null. The user is auth'd, I'm passing a bearer token, and the ApiController has the [Authorize] header – Joshua Ohana Feb 22 '15 at 13:52
1

The GetUserId() function returns an ID only if the user has a NameIdentifier claim. For an example of how to resolve this, refer to Oswaldo's answer here: https://stackoverflow.com/questions/19505526 – jramm May 16 '20 at 02:24

score 16 · Answer 3 · answered Oct 18 '15 at 05:50

Hint lies in Webapi2 auto generated account controller

Have this property with getter defined as

public string UserIdentity
        {
            get
            {
                var user = UserManager.FindByName(User.Identity.Name);
                return user;//user.Email
            }
        }

and in order to get UserManager - In WebApi2 -do as Romans (read as AccountController) do

public ApplicationUserManager UserManager
        {
            get { return HttpContext.Current.GetOwinContext().GetUserManager<ApplicationUserManager>(); }
        }

This should be compatible in IIS and self host mode

score 11 · Answer 4 · answered Jan 10 '17 at 05:15

None of the suggestions above worked for me. The following did!

HttpContext.Current.Request.LogonUserIdentity.Name

I guess there's a wide variety of scenarios and this one worked for me. My scenario involved an AngularJS frontend and a Web API 2 backend application, both running under IIS. I had to set both applications to run exclusively under Windows Authentication.

No need to pass any user information. The browser and IIS exchange the logged on user credentials and the Web API has access to the user credentials on demand (from IIS I presume).

Note, HttpContext.Current.Request.LogonUserIdentity returns WindowsIdentity. — College Code, Jun 27 '21 at 15:43

score 7 · Answer 5 · edited May 15 '16 at 12:19

7

Karan Bhandari's answer is good, but the AccountController added in a project is very likely a Mvc.Controller. To convert his answer for use in an ApiController change HttpContext.Current.GetOwinContext() to Request.GetOwinContext() and make sure you have added the following 2 using statements:

using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

edited May 15 '16 at 12:19

Mohsen Esmailpour

11,224
3
45
66

answered Feb 02 '16 at 01:18

Jeff Leach

126
1
4

Venkatesh Muniyandi · Answer 6 · 2017-08-24T00:49:55.863

6

In .Net Core use User.Identity.Name to get the Name claim of the user.

edited Aug 24 '17 at 00:49

answered Jan 30 '17 at 06:02

Venkatesh Muniyandi

5,132
2
37
40

2

`User.Identity.Name` gets the value of the [name](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name) claim. It's not Active Directory-specific. – Nate Barbettini Aug 23 '17 at 23:36
@Nate Thanks for your comment, I've fixed it – Venkatesh Muniyandi Aug 24 '17 at 00:50

score 3 · Answer 7 · edited May 23 '17 at 11:47

3

If you are using Asp.Identity UseManager, it automatically sets the value of

RequestContext.Principal.Identity.GetUserId()

based on IdentityUser you use in creating the IdentityDbContext.

If ever you are implementing a custom user table and owin token bearer authentication, kindly check on my answer.

How to get user context during Web Api calls?

Hope it still helps. :)

edited May 23 '17 at 11:47

Community

1
1

answered Sep 01 '16 at 04:11

pampi

517
4
8

Shaun Luttin · Answer 8 · 2014-02-07T03:09:54.007

1

string userName;
string userId;
if (HttpContext.Current != null && HttpContext.Current.User != null 
        && HttpContext.Current.User.Identity.Name != null)
{
    userName = HttpContext.Current.User.Identity.Name;
    userId = HttpContext.Current.User.Identity.GetUserId();
}

Or based on Darrel Miller's comment, maybe use this to retrieve the HttpContext first.

// get httpContext
object httpContext;
actionContext.Request.Properties.TryGetValue("MS_HttpContext", out httpContext);

Get the current user, within an ApiController action, without passing the userID as a parameter

8 Answers8

Linked