in the WebApi I can get the current user using AspIdentity that way
User.Identity.GetUserId<long>();
However, The service Layer doesn't know about the AspIdentity. And I don't want to passe the current user as paramettre for all the methodes.
In other word, what pattern I can use to get the current user wherever I want.
The reason for this is to log all the activity the current user is doing in the application.
APIs are intended to be stateless, you may use the current logged in user, but you may have a 3rd party application accessing your API. Because it is stateless the current user is handled differently than with standard web calls.
Long story short: however you're authenticating your API users, you need to pass the username/userID down into the service layer. The good news is that once you have this setup, you can use the same service layer methods for API and non-API calls.
Finally this is how I implemented it.
In the Framework Layer (a comun independent project) I added this:
public interface ICurrentContextProvider<T>
{
T GetCurrentUser();
}
In the API I Added the implementation of this interface, something like :
public ApplicationUser GetCurrentUser()
{
return _usersService.FindByIdAsync(Convert.ToInt64(HttpContext.Current.User.Identity.GetUserId())).Result;
}
And As the all other layers know about the Framework Layer I can call it anywhere without any reference to AspIdentity and without passing the Current user to all my functions.
Note: I make it a generic because of the following: 1-Framework (common layer) doesn't know about application user 2-I can get any other type from the context like the ApplicationUserId which is Long.