ASP.NET MVC 5 - Identity. How to Get Current Applicationuser

ASP.NET MVC 5 - Identity. How to get current ApplicationUser

You should not need to query the database directly for the current ApplicationUser.

That introduces a new dependency of having an extra context for starters, but going forward the user database tables change (3 times in the past 2 years) but the API is consistent. For example the users table is now called AspNetUsers in Identity Framework, and the names of several primary key fields kept changing, so the code in several answers will no longer work as-is.

Another problem is that the underlying OWIN access to the database will use a separate context, so changes from separate SQL access can produce invalid results (e.g. not seeing changes made to the database). Again the solution is to work with the supplied API and not try to work-around it.

The correct way to access the current user object in ASP.Net identity (as at this date) is:

var user = UserManager.FindById(User.Identity.GetUserId());

or, if you have an async action, something like:

var user = await UserManager.FindByIdAsync(User.Identity.GetUserId());

FindById requires you have the following using statement so that the non-async UserManager methods are available (they are extension methods for UserManager, so if you do not include this you will only see FindByIdAsync):

using Microsoft.AspNet.Identity;

If you are not in a controller at all (e.g. you are using IOC injection), then the user id is retrieved in full from:

System.Web.HttpContext.Current.User.Identity.GetUserId();

If you are not in the standard Account controller you will need to add the following (as an example) to your controller:

1. Add these two properties:

    /// <summary>
    /// Application DB context
    /// </summary>
    protected ApplicationDbContext ApplicationDbContext { get; set; }

    /// <summary>
    /// User manager - attached to application DB context
    /// </summary>
    protected UserManager<ApplicationUser> UserManager { get; set; }

2. Add this in the Controller's constructor:

    this.ApplicationDbContext = new ApplicationDbContext();
    this.UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(this.ApplicationDbContext));

Update March 2015

Note: The most recent update to Identity framework changes one of the underlying classes used for authentication. You can now access it from the Owin Context of the current HttpContent.

ApplicationUser user = System.Web.HttpContext.Current.GetOwinContext().GetUserManager<ApplicationUserManager>().FindById(System.Web.HttpContext.Current.User.Identity.GetUserId());

Addendum:

When using EF and Identity Framework with Azure, over a remote database connection (e.g. local host testing to Azure database), you can randomly hit the dreaded “error: 19 - Physical connection is not usable”. As the cause is buried away inside Identity Framework, where you cannot add retries (or what appears to be a missing .Include(x->someTable)), you need to implement a custom SqlAzureExecutionStrategy in your project.

ASP.NET Core Identity - get current user

If your code is inside an MVC controller:

public class MyController : Microsoft.AspNetCore.Mvc.Controller

From the Controller base class, you can get the ClaimsPrincipal from the User property

System.Security.Claims.ClaimsPrincipal currentUser = this.User;

You can check the claims directly (without a round trip to the database):

bool isAdmin = currentUser.IsInRole("Admin");
var id = _userManager.GetUserId(User); // Get user id:

Other fields can be fetched from the database's User entity:

  1. Get the user manager using dependency injection

    private UserManager<ApplicationUser> _userManager;

    //class constructor
    public MyController(UserManager<ApplicationUser> userManager)
    {
        _userManager = userManager;
    }

  2. And use it:

    var user = await _userManager.GetUserAsync(User);
    var email = user.Email;

If your code is a service class, you can use dependency injection to get an IHttpContextAccessor that lets you get the User from the HttpContext.

    private IHttpContextAccessor _httpContextAccessor;

    public MyClass(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    private void DoSomething()
    {
        var user = _httpContextAccessor.Context?.User;
    }

How to get the current logged in user ID in ASP.NET Core?

I included using System.Security.Claims and I could access the GetUserId() extension method

NB: I had the using Microsoft.AspNet.Identity already but couldn't get the extension method. So I guess both of them have to be used in conjunction with one another

using Microsoft.AspNet.Identity;
using System.Security.Claims;

EDIT:
This answer is now outdated. Look at Soren's or Adrien's answer for a dated way of achieving this in CORE 1.0

Get current ApplicationUser in layout view

You can add avatar property as IdentityClaim

public class ApplicationUser : IdentityUser
{
     public string Avatar { get; set; }
     public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
     {
           var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
           userIdentity.AddClaim(new Claim("avatar", this.Avatar));
           return userIdentity;
     }
}

Inside razor view you can access it like this

@{
    var avatar = ((ClaimsIdentity)User.Identity).FindFirst("avatar");
}

Get UserID of logged-in user in Asp.Net MVC 5

The answer is right there in your code. What does this return?

var userID = User.Identity.GetUserId();

If you are using ASP.NET Identity, then after logging in (and redirecting to another page), the IPrincipal.IIdentity should be a ClaimsIdentity. You can try this:

var claimsIdentity = User.Identity as ClaimsIdentity;
if (claimsIdentity != null)
{
    // the principal identity is a claims identity.
    // now we need to find the NameIdentifier claim
    var userIdClaim = claimsIdentity.Claims
        .FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);

    if (userIdClaim != null)
    {
        var userIdValue = userIdClaim.Value;
    }
}

The above block of code is not exactly, but essentially, what the IIdentity.GetUserId extension method does.

If none of this works, then the user may not really be logged into your site yet. After logging in, you have to redirect to another page before the server will write the authentication cookie to the browser. This cookie must be written before the User.Identity has all of this claims information (including the NameIdentifier) on subsequent requests.

How to get current user, and how to use User class in MVC5?

If you're coding in an ASP.NET MVC Controller, use

using Microsoft.AspNet.Identity;

...

User.Identity.GetUserId();

Worth mentioning that User.Identity.IsAuthenticated and User.Identity.Name will work without adding the above mentioned using statement. But GetUserId() won't be present without it.

If you're in a class other than a Controller, use

HttpContext.Current.User.Identity.GetUserId();

In the default template of MVC 5, user ID is a GUID stored as a string.

No best practice yet, but found some valuable info on extending the user profile:

  • Overview of Identity: https://devblogs.microsoft.com/aspnet/introducing-asp-net-identity-a-membership-system-for-asp-net-applications/
  • Example solution regarding how to extend the user profile by adding an extra property: https://github.com/rustd/AspnetIdentitySample

ASP.net identity: How to get current IdentityUser (ApplicationUser)? Where is UserManager.FindById?

FindById is an extension method coming from Microsoft.AspNet.Identity.UserManagerExtensions class. It is a part of Microsoft.AspNet.Identity.Core nuget package.

You should add 

using Microsoft.AspNet.Identity;

to your code to start using non-async methods.

Get ASP.NET Identity Current User In View

If there are only specific properties that you need to get, you can add them as claims in your ApplicationUser class like the following example:

public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser, int> manager)
{
    // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
    var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
    // Add custom user claims here
    userIdentity.AddClaim(new Claim("FullName", this.FullName));
    // or use the ClaimTypes enumeration
    return userIdentity;
}

This gets wired up from the Startup.Auth class:

    SessionStateSection sessionStateSection = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/account/login"),
        CookieName = sessionStateSection.CookieName + "_Application",
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>
                (
                     validateInterval: TimeSpan.FromMinutes(30),
                     regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                     getUserIdCallback: (id) => (id.GetUserId<int>())
                ) 

        }
    });

Then, you can access the claim (in a view or in a controller):

var claims = ((System.Security.Claims.ClaimsIdentity)User.Identity).Claims;
var claim = claims.SingleOrDefault(m => m.Type == "FullName");

No forms authentication tickets here.

If you want the full user details available, you could always create an extension method like the following:

public static ApplicationUser GetApplicationUser(this System.Security.Principal.IIdentity identity)
{
    if (identity.IsAuthenticated)
    {
        using (var db = new AppContext())
        {
            var userManager = new ApplicationUserManager(new ApplicationUserStore(db));
            return userManager.FindByName(identity.Name);
        }
    }
    else
    {
        return null;
    }        
}

And call it like this:

@User.Identity.GetApplicationUser();

I would recommend caching if you're calling this all this time, however.


Related Topics

Regular Expression to Split on Spaces Unless in Quotes

How to Pass Values Across the Pages in ASP.NET Without Using Session

Is It Safe to Check Floating Point Values for Equality to 0

How to Create an Animated Gif in .Net

C# Continuously Read File

Call Static Method with Reflection

Is the Use of Dynamic Considered a Bad Practice

Find a String Between 2 Known Values

Garbage Collector and Circular Reference

Why Are Unsigned Int's Not Cls Compliant

Generic Constraint to Match Numeric Types

How to Limit the Maximum Number of Parallel Tasks in C#

ASP.NET File Download from Server

What Are Generics in C#

Newtonsoft JSON Deserialize

How to Format a Datetime in a Different Format

Passing Variable Between Winforms

Could Not Find a Part of the Path ... Bin\Roslyn\Csc.Exe


Leave a reply



Submit