5

I need to get hold of the current HttpContextBase in an ASP.NET WEB API AuthorizeAttribute.

How do I get that from the HttpActionContext parameter in the overridden IsAuthorized()?

protected override bool IsAuthorized(HttpActionContext actionContext)
{
  // need to call code that requires the current Controllers HttpContextBase
}
Magnus Johansson
  • 28,010
  • 19
  • 106
  • 164
  • Can't you just use `HttpContext.Current`? – ataravati Mar 21 '14 at 20:03
  • Nope. Needs to be TDD-able. – Magnus Johansson Mar 21 '14 at 20:10
  • 1
    HttpContext isn't part of Web API, what is the actual information you are looking for. – Darrel Miller Mar 22 '14 at 21:33
  • @DarrelMiller, can you please provide a reference that back that claim? I need to read custom request headers in my AuthorizeAttribute. Problem solved, see answer. – Magnus Johansson Mar 23 '14 at 13:43
  • 1
    @Magnus Try running your Web API under self-host. There will be no static HttpContext. Request headers are on the request object which is a property of HttpActionContext. – Darrel Miller Mar 23 '14 at 14:48
  • Thanks, but I'm not so keen on doing authorization in the Action filters, I prefer to do that in authorization filters. Action filters are executed later in the pipeline than Authorization filters are. Besides, this implementation is not intended for self-Hosting scenarios at all – Magnus Johansson Mar 23 '14 at 16:18

2 Answers2

5

So I ended up using the HttpContextFactory approach as described in this answer: https://stackoverflow.com/a/9624433/3584

public class HttpContextFactory
{
    private static HttpContextBase m_context;
    public static HttpContextBase Current
    {
        get
        {
            if (m_context != null)
                return m_context;

            if (HttpContext.Current == null)
                throw new InvalidOperationException("HttpContext not available");

            return new HttpContextWrapper(HttpContext.Current);
        }
    }

    public static void SetCurrentContext(HttpContextBase context)
    {
        m_context = context;
    }
}

I replaced all code that needed the current HttpContext with:

HttpContextFactory.Current...

In my unit tests, I do:

HttpContextFactory.SetCurrentContext(GetMockedHttpContext());

The mocked context:

private HttpContextBase GetMockedHttpContext()
{
    var context = new Mock<HttpContextBase>();
    var request = new Mock<HttpRequestBase>();
    var response = new Mock<HttpResponseBase>();
    var session = new Mock<HttpSessionStateBase>();
    var server = new Mock<HttpServerUtilityBase>();
    var user = new Mock<IPrincipal>();
    var identity = new Mock<IIdentity>();
    var urlHelper = new Mock<UrlHelper>();

    var routes = new RouteCollection();
    MvcApplication.RegisterRoutes(routes);
    var requestContext = new Mock<RequestContext>();
    requestContext.Setup(x => x.HttpContext).Returns(context.Object);
    context.Setup(ctx => ctx.Request).Returns(request.Object);
    context.Setup(ctx => ctx.Response).Returns(response.Object);
    context.Setup(ctx => ctx.Session).Returns(session.Object);
    context.Setup(ctx => ctx.Server).Returns(server.Object);
    context.Setup(ctx => ctx.User).Returns(user.Object);
    user.Setup(ctx => ctx.Identity).Returns(identity.Object);
    identity.Setup(id => id.IsAuthenticated).Returns(true);
    identity.Setup(id => id.Name).Returns("test");
    request.Setup(req => req.Url).Returns(new Uri("http://www.google.com"));
    request.Setup(req => req.RequestContext).Returns(requestContext.Object);
    requestContext.Setup(x => x.RouteData).Returns(new RouteData());
    request.SetupGet(req => req.Headers).Returns(new NameValueCollection());

    return context.Object;
}
Community
  • 1
  • 1
Magnus Johansson
  • 28,010
  • 19
  • 106
  • 164
1

You can also use: new System.Web.HttpContextWrapper(System.Web.HttpContext.Current)

https://learn.microsoft.com/en-us/dotnet/api/system.web.httpcontextwrapper?view=netframework-4.8

Patrick Xavier Silerio
  • 114
  • 3