I have a basic C# 2.0 .Net Core API. Inside a controller, I call User.Identity to get the logged-in user's information. I use IdentityServer 4 with JWT Bearer authentication. The issue is User is null. Yet in the NLog output it correctly finds my name and says I logged in. I tried sending the wrong token and it denies me correctly.

2017-12-14 11:21:57.6788||INFO|Microsoft.AspNetCore.Hosting.Internal.WebHost|Request starting HTTP/1.1 GET http://localhost:62150/api/v1/user
2017-12-14 11:21:58.9575||INFO|Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler|Successfully validated the token.
2017-12-14 11:21:58.9637||INFO|Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler|AuthenticationScheme: BearerIdentityServerAuthenticationJwt was successfully authenticated.
2017-12-14 11:21:58.9637||INFO|IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler|AuthenticationScheme: Bearer was successfully authenticated.
2017-12-14 11:21:59.0217||INFO|Microsoft.AspNetCore.Authorization.DefaultAuthorizationService|Authorization was successful for user: Ken.
2017-12-14 11:21:59.1724||INFO|Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker|Executing action method Controllers.UserController.Index with arguments ((null)) - ModelState is Valid
2017-12-14 11:22:01.7092||INFO|Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker|Executed action Controllers.UserController.Index in 2690.9354ms
2017-12-14 11:22:01.7548||ERROR|Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware|An unhandled exception has occurred while executing the request Object reference not set to an instance of an object.

    [Route("api/v1/[controller]")]
    [Authorize]
    public class UserController : ApiController
    {
        /// <summary>
        /// GET /user
        /// </summary>
        /// <remarks>Get information about the current logged in user. Required Authorization.</remarks>
        /// <returns></returns>
        [HttpGet]
        public async Task<IActionResult> Index()
        {
            // User is null here, which produces the "Object reference not set" error in the log above.
            var identity = this.User.Identity.GetUserGuid();
            return Ok(identity);
        }
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseCors("default");
        app.UseAuthentication();
        app.UseMvc();
    }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvcCore()
            .AddAuthorization()
            .AddJsonFormatters();

        services.AddMemoryCache();

        services.AddCors(o => o.AddPolicy("default", builder =>
        {
            builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader();
        }));

        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "http://localhost:5000"; // Auth Server
                options.RequireHttpsMetadata = false; // only for development
                options.ApiName = "webApi"; // API Resource Id
                options.SaveToken = true;
            });
    }

The issue was because I was calling ApiController and not the new Mvc BaseController. Issue resolved.
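
A sketch of the controller after the fix described above, added here as an example and not taken from the original post. It assumes the "Mvc BaseController" is Microsoft.AspNetCore.Mvc.ControllerBase and that the token's sub claim holds a GUID; TryGetUserGuid is a hypothetical stand-in for the post's GetUserGuid(), which is not shown.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical replacement for the post's GetUserGuid() extension (not shown on the page).
public static class PrincipalExtensions
{
    // Returns false instead of throwing when there is no authenticated
    // principal or no parsable subject claim.
    public static bool TryGetUserGuid(this ClaimsPrincipal principal, out Guid userId)
    {
        userId = Guid.Empty;
        if (principal?.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // Startup calls DefaultInboundClaimTypeMap.Clear(), so the subject keeps
        // its JWT name "sub" and is not remapped to ClaimTypes.NameIdentifier.
        // Assumption: the sub value is a GUID.
        var sub = principal.FindFirst("sub")?.Value;
        return Guid.TryParse(sub, out userId);
    }
}

[Route("api/v1/[controller]")]
[Authorize]
public class UserController : ControllerBase // assumed MVC Core base class, not ApiController
{
    [HttpGet]
    public IActionResult Index()
    {
        // ControllerBase.User is HttpContext.User, the ClaimsPrincipal that
        // UseAuthentication() populated before MVC ran.
        if (!User.TryGetUserGuid(out var userId))
            return Unauthorized();

        return Ok(new { id = userId });
    }
}
```

Returning 401 when the claim is missing keeps a token without a usable subject from reaching the rest of the action, rather than surfacing as an unhandled exception.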