I'm having difficulty accessing session data in a custom authorization handler, while it works elsewhere.
Session works properly in controller actions, but when I try to access it with IHttpContextAccessor.HttpContext.Session
in a MyAuthorizationHandler.HandleRequirementAsync
, I get a InvalidOperationException
"Session has not been configured for this application or request.".
The IHttpContextAccessor
has access to query, cookies etc - but fails to access session data.
If I try to access the same MyAuthorizationHandler
's IHttpContextAccessor
from a controller, session data is available.
MyAuthorizationHandler
is injected as a singleton in ConfigureServices
, full order of initialization:
public void ConfigureServices(IServiceCollection services)
{
services.AddDistributedMemoryCache(); 🡄
services.AddSession(); 🡄
services.AddDefaultIdentity...
services.AddControllersWithViews();
services.AddRazorPages();
services.AddControllers...
services.AddAuthentication...
services.AddAuthorization...
services.AddHttpContextAccessor(); 🡄
services.AddSingleton<IAuthorizationHandler, MyAuthorizationHandler>(); 🡄
services.Configure<CookiePolicyOptions>...
services.AddMvc(o => o.EnableEndpointRouting = false);
}
public void Configure(...)
{
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.UseEndpoints...
app.UseMvc();
}
Note: I cannot use claims in this handler, I need session data.
The order of app.UseSession();
is incorrect , you should put it before any middleware which uses the session.
public void Configure(...)
{
app.UseSession();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints...
app.UseMvc();
}