How to access session data in IAuthorizationHandler in ASP.NET Core 3.1?
Question
I'm having difficulty accessing session data in a custom authorization handler, while it works elsewhere.
Session works properly in controller actions, but when I try to access it with IHttpContextAccessor.HttpContext.Session in a MyAuthorizationHandler.HandleRequirementAsync , I get a InvalidOperationException "Session has not been configured for this application or request.". The IHttpContextAccessor has access to query, cookies etc - but fails to access session data.
If I try to access the same MyAuthorizationHandler 's IHttpContextAccessor from a controller, session data is available.
MyAuthorizationHandler is injected as a singleton in ConfigureServices , full order of initialization:
public void ConfigureServices(IServiceCollection services)
{
services.AddDistributedMemoryCache(); 🡄
services.AddSession(); 🡄
services.AddDefaultIdentity...
services.AddControllersWithViews();
services.AddRazorPages();
services.AddControllers...
services.AddAuthentication...
services.AddAuthorization...
services.AddHttpContextAccessor(); 🡄
services.AddSingleton<IAuthorizationHandler, MyAuthorizationHandler>(); 🡄
services.Configure<CookiePolicyOptions>...
services.AddMvc(o => o.EnableEndpointRouting = false);
}
public void Configure(...)
{
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.UseEndpoints...
app.UseMvc();
}
Note: I cannot use claims in this handler, I need session data.
1 answers
solution1
5 ACCPTED 2020-03-06 06:42:15
The order of app.UseSession(); is incorrect , you should put it before any middleware which uses the session.
public void Configure(...)
{
app.UseSession();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints...
app.UseMvc();
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.