ASP.NET MVC 5 - Identity. How to get current ApplicationUser
You should not need to query the database directly for the current ApplicationUser.
That introduces a new dependency of having an extra context for starters, but going forward the user database tables change (3 times in the past 2 years) but the API is consistent. For example the users
table is now called AspNetUsers
in Identity Framework, and the names of several primary key fields kept changing, so the code in several answers will no longer work as-is.
Another problem is that the underlying OWIN access to the database will use a separate context, so changes from separate SQL access can produce invalid results (e.g. not seeing changes made to the database). Again the solution is to work with the supplied API and not try to work-around it.
The correct way to access the current user object in ASP.Net identity (as at this date) is:
var user = UserManager.FindById(User.Identity.GetUserId());
or, if you have an async action, something like:
var user = await UserManager.FindByIdAsync(User.Identity.GetUserId());
FindById
requires you have the following using statement so that the non-async UserManager
methods are available (they are extension methods for UserManager, so if you do not include this you will only see FindByIdAsync
):
using Microsoft.AspNet.Identity;
If you are not in a controller at all (e.g. you are using IOC injection), then the user id is retrieved in full from:
System.Web.HttpContext.Current.User.Identity.GetUserId();
If you are not in the standard Account controller you will need to add the following (as an example) to your controller:
1. Add these two properties:
/// <summary>
/// Application DB context
/// </summary>
protected ApplicationDbContext ApplicationDbContext { get; set; }
/// <summary>
/// User manager - attached to application DB context
/// </summary>
protected UserManager<ApplicationUser> UserManager { get; set; }
2. Add this in the Controller's constructor:
this.ApplicationDbContext = new ApplicationDbContext();
this.UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(this.ApplicationDbContext));
Update March 2015
Note: The most recent update to Identity framework changes one of the underlying classes used for authentication. You can now access it from the Owin Context of the current HttpContent.
ApplicationUser user = System.Web.HttpContext.Current.GetOwinContext().GetUserManager<ApplicationUserManager>().FindById(System.Web.HttpContext.Current.User.Identity.GetUserId());
Addendum:
When using EF and Identity Framework with Azure, over a remote database connection (e.g. local host testing to Azure database), you can randomly hit the dreaded “error: 19 - Physical connection is not usable”. As the cause is buried away inside Identity Framework, where you cannot add retries (or what appears to be a missing .Include(x->someTable)
), you need to implement a custom SqlAzureExecutionStrategy
in your project.
ASP.NET Core Identity - get current user
If your code is inside an MVC controller:
public class MyController : Microsoft.AspNetCore.Mvc.Controller
From the Controller
base class, you can get the ClaimsPrincipal
from the User
property
System.Security.Claims.ClaimsPrincipal currentUser = this.User;
You can check the claims directly (without a round trip to the database):
bool isAdmin = currentUser.IsInRole("Admin");
var id = _userManager.GetUserId(User); // Get user id:
Other fields can be fetched from the database's User entity:
Get the user manager using dependency injection
private UserManager<ApplicationUser> _userManager;
//class constructor
public MyController(UserManager<ApplicationUser> userManager)
{
_userManager = userManager;
}And use it:
var user = await _userManager.GetUserAsync(User);
var email = user.Email;
If your code is a service class, you can use dependency injection to get an IHttpContextAccessor
that lets you get the User
from the HttpContext.
private IHttpContextAccessor _httpContextAccessor;
public MyClass(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;
}
private void DoSomething()
{
var user = _httpContextAccessor.Context?.User;
}
How to get the current logged in user ID in ASP.NET Core?
I included using System.Security.Claims and I could access the GetUserId() extension method
NB: I had the using Microsoft.AspNet.Identity already but couldn't get the extension method. So I guess both of them have to be used in conjunction with one another
using Microsoft.AspNet.Identity;
using System.Security.Claims;
EDIT:
This answer is now outdated. Look at Soren's or Adrien's answer for a dated way of achieving this in CORE 1.0
Get current ApplicationUser in layout view
You can add avatar property as IdentityClaim
public class ApplicationUser : IdentityUser
{
public string Avatar { get; set; }
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
{
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
userIdentity.AddClaim(new Claim("avatar", this.Avatar));
return userIdentity;
}
}
Inside razor view you can access it like this
@{
var avatar = ((ClaimsIdentity)User.Identity).FindFirst("avatar");
}
Get UserID of logged-in user in Asp.Net MVC 5
The answer is right there in your code. What does this return?
var userID = User.Identity.GetUserId();
If you are using ASP.NET Identity, then after logging in (and redirecting to another page), the IPrincipal.IIdentity
should be a ClaimsIdentity
. You can try this:
var claimsIdentity = User.Identity as ClaimsIdentity;
if (claimsIdentity != null)
{
// the principal identity is a claims identity.
// now we need to find the NameIdentifier claim
var userIdClaim = claimsIdentity.Claims
.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);
if (userIdClaim != null)
{
var userIdValue = userIdClaim.Value;
}
}
The above block of code is not exactly, but essentially, what the IIdentity.GetUserId
extension method does.
If none of this works, then the user may not really be logged into your site yet. After logging in, you have to redirect to another page before the server will write the authentication cookie to the browser. This cookie must be written before the User.Identity
has all of this claims information (including the NameIdentifier
) on subsequent requests.
How to get current user, and how to use User class in MVC5?
If you're coding in an ASP.NET MVC Controller, use
using Microsoft.AspNet.Identity;
...
User.Identity.GetUserId();
Worth mentioning that User.Identity.IsAuthenticated
and User.Identity.Name
will work without adding the above mentioned using
statement. But GetUserId()
won't be present without it.
If you're in a class other than a Controller, use
HttpContext.Current.User.Identity.GetUserId();
In the default template of MVC 5, user ID is a GUID stored as a string.
No best practice yet, but found some valuable info on extending the user profile:
- Overview of
Identity
: https://devblogs.microsoft.com/aspnet/introducing-asp-net-identity-a-membership-system-for-asp-net-applications/ - Example solution regarding how to extend the user profile by adding an extra property: https://github.com/rustd/AspnetIdentitySample
ASP.net identity: How to get current IdentityUser (ApplicationUser)? Where is UserManager.FindById?
FindById
is an extension method coming from Microsoft.AspNet.Identity.UserManagerExtensions
class. It is a part of Microsoft.AspNet.Identity.Core
nuget package.
You should add
using Microsoft.AspNet.Identity;
to your code to start using non-async methods.
Get ASP.NET Identity Current User In View
If there are only specific properties that you need to get, you can add them as claims in your ApplicationUser class like the following example:
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser, int> manager)
{
// Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// Add custom user claims here
userIdentity.AddClaim(new Claim("FullName", this.FullName));
// or use the ClaimTypes enumeration
return userIdentity;
}
This gets wired up from the Startup.Auth class:
SessionStateSection sessionStateSection = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/account/login"),
CookieName = sessionStateSection.CookieName + "_Application",
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>
(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
getUserIdCallback: (id) => (id.GetUserId<int>())
)
}
});
Then, you can access the claim (in a view or in a controller):
var claims = ((System.Security.Claims.ClaimsIdentity)User.Identity).Claims;
var claim = claims.SingleOrDefault(m => m.Type == "FullName");
No forms authentication tickets here.
If you want the full user details available, you could always create an extension method like the following:
public static ApplicationUser GetApplicationUser(this System.Security.Principal.IIdentity identity)
{
if (identity.IsAuthenticated)
{
using (var db = new AppContext())
{
var userManager = new ApplicationUserManager(new ApplicationUserStore(db));
return userManager.FindByName(identity.Name);
}
}
else
{
return null;
}
}
And call it like this:
@User.Identity.GetApplicationUser();
I would recommend caching if you're calling this all this time, however.
Related Topics
Regular Expression to Split on Spaces Unless in Quotes
How to Pass Values Across the Pages in ASP.NET Without Using Session
Is It Safe to Check Floating Point Values for Equality to 0
How to Create an Animated Gif in .Net
Call Static Method with Reflection
Is the Use of Dynamic Considered a Bad Practice
Find a String Between 2 Known Values
Garbage Collector and Circular Reference
Why Are Unsigned Int's Not Cls Compliant
Generic Constraint to Match Numeric Types
How to Limit the Maximum Number of Parallel Tasks in C#
ASP.NET File Download from Server
How to Format a Datetime in a Different Format