ASP.NET MVC Post Authentication IoC setup

Question

I have an http client wrapper that I'm injecting into all my controllers. If a user is authenticated, the injected wrapper should have some properties set with the authenticated user information.

I currently have this:

[System.Web.Mvc.Authorize]
public class ProfileController : Controller
{
    private readonly IMyClient client;

    public ProfileController()
    {
        string apiKey = ConfigurationManager.AppSettings["ApiKey"];
        client = new MyClient(apiKey);

        SetupClient();
    }

    private void SetupClient()
    {
        if (Thread.CurrentPrincipal.Identity.IsAuthenticated)
        {
            var identity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
            var tokenClaim = identity.Claims.First(c => c.Type == ClaimTypes.Sid);
            client.AddCredentials(tokenClaim.Value);
        }
    }
}

I would like to offload SetupClient to somewhere that will allow me to do dependency injection of IMyClient.

Essentially I want to implement this solution:

ProfileController.cs

[System.Web.Mvc.Authorize]
public class ProfileController : Controller
{
    private readonly IMyClient client;

    public ProfileController(IMyClient client)
    {
        this.client = client;
    }
}

Startup.cs

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        IoCConfig.RegisterIoC(app);
        ConfigureAuth(app);
    }
}

IoCConfig.cs

public class IoCConfig
{
    public static void RegisterIoC(IAppBuilder app)
    {
        var container = new Container();
        container.Register<IMyClient>(
            () =>
            {
                var apiKey = ConfigurationManager.AppSettings["APIKey"];
                var myClient= new MyClient(apiKey);

                // This will not work as this code is executed on app start
                // The identity will not be of the user making the web request
                var identity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
                var tokenClaim = identity.Claims.First(c => c.Type == ClaimTypes.Sid);
                client.AddCredentials(tokenClaim.Value);

                return myClient;
            });
        // Register the dependency resolver.
        DependencyResolver.SetResolver(
            new SimpleInjectorDependencyResolver(container));
    }
}

I'm stuck in the code for IoCConfig to extract information of the authenticated user (if the user is authenticated) and setup the client for injection. Any help here?

My IoC framework is SimpleInjector but I'd like an agnostic solution.

Answer 1

This is how I would do it

public class ProfileController : Controller
{
    private readonly MyClient _client;

    public ProfileController()
    {
        var clientInfo = Resolve<IClientInfo>(); // call out to your service locator
        _client = clientInfo.GetClient();
    }
}

public interface IClientInfo
{
    MyClient GetClient();
}

public interface IAuth
{
    System.Security.Claim GetSidClaim();
}

public class ClientInfo : IClientInfo
{
    private readonly IAuth _auth;

    public ClientInfo(IAuth auth)
    {
        _auth = auth;
    }

    public MyClient GetClient()
    {
        var apiKey = ApiKey;
        var client = new MyClient(apiKey);
        var claim = _auth.GetSidClaim();
        client.AddCredentials(claim.Value);

        return client;
    }

    protected virtual string ApiKey
    {
        get { return ConfigurationManager.AppSettings["APIKey"]; }
    }
}

Answer 2

I solved this by a version of what CRice posted by using a factory delegate:

ProfileController.cs

[System.Web.Mvc.Authorize]
public class ProfileController : Controller
{
    private readonly IMyClient client;

    public ProfileController(Func<IMyClient> clientFactory)
    {
        client = clientFactory.Invoke();
    }

}

IoCConfig.cs

public class IoCConfig
{
    public static void RegisterIoC(IAppBuilder app)
    {
        // Create the container as usual.
        Container container = new Container();

        // Registering as a factory delegate because we need the user authentication information if any.
        container.RegisterSingle<Func<IMyClient>>(() =>
        {

            string apiKey = ConfigurationManager.AppSettings["ApiKey"];
            var myClient = new MyClient(apiKey);
            if (Thread.CurrentPrincipal.Identity.IsAuthenticated)
            {
                var identity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
                var tokenClaim = identity.Claims.First(c => c.Type == ClaimTypes.Sid);
                myClient.AddCredentials(tokenClaim.Value);
            }
            return myClient;
        });


        // This is an extension method from the integration package.
        container.RegisterMvcControllers(Assembly.GetExecutingAssembly());

        // This is an extension method from the integration package as well.
        container.RegisterMvcIntegratedFilterProvider();

        container.Verify();
        DependencyResolver.SetResolver(
    new SimpleInjectorDependencyResolver(container));
    }
}

Answer 3

I'd take a look at NInject and the MVC extensions...

http://ninject.codeplex.com/wikipage?title=Dependency%20Injection%20With%20Ninject http://www.codeproject.com/Articles/412383/Dependency-Injection-in-asp-net-mvc-and-webapi-us

When setup correctly it's just a matter of creating a binding for IMyClient NInject will implicitly inject it for you. There are lots of other injection frameworks out there, NInject is just the one I've chosen. Each of them will give you a substantial benefit over anything you could cook up on your own. e.g. with NInject you can create bindings that inject a singleton across your app or a binding that injects a singleton for each request.

In NInject you could create a binding something like

Bind<IMyClient>().ToMethod(x => SetupClient(x)).InRequestScope();

private IMyClient SetupClient(IContext context)
{
    string apiKey = ConfigurationManager.AppSettings["ApiKey"];
    var client = new MyClient(apiKey);
    if (Thread.CurrentPrincipal.Identity.IsAuthenticated)
    {
        var identity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
        var tokenClaim = identity.Claims.First(c => c.Type == ClaimTypes.Sid);
        client.AddCredentials(tokenClaim.Value);
    }
    return client;
}

InRequestScope says that NInject should create a single instance for each request...

https://github.com/ninject/Ninject.Web.Common/wiki/InRequestScope

I think the equivalent in SimpleInjector is...

https://simpleinjector.codeplex.com/wikipage?title=ObjectLifestyleManagement#PerWebRequest

Is the answer as simple as changing your code to...

public static void RegisterIoC(IAppBuilder app)
{
    var container = new Container();
    container.RegisterPerWebRequest<IMyClient>(
        () =>
        {
            ...