user11341611

How to get logged in user information in ASP.NET

I'm working on an ASP.NET project and I tried to get the currently logged-in user's information, such as their email address. It's easy to get that email address if the cookie information is used, but I don't want that, because it has low security. Here is some code I tried.

    var identity = (ClaimsPrincipal)Thread.CurrentPrincipal;
    string email = identity.Claims.Where(c => c.Type == ClaimTypes.Email)
                   .Select(c => c.Value).SingleOrDefault();
    return Ok(email);

But I got NULL as the response. I think this is because of the Token information and the (ClaimsPrincipal)Thread.CurrentPrincipal method. How can I get the current user's information using the above code?

Upvotes: 1

Views: 83

Answers (2)

user11341611

If there is no Token authorization, the response is NULL. By using "Authorization" in the request headers, I got the email address and name of the logged-in user.

Here is some code to send the request.

    var AuthData = JSON.parse(UserCustomService.getSessionStorage("Token")); //get Token
    var headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/x-www-form-urlencoded",
        "cache-control": "no-cache",
        "Authorization": "Bearer " + AuthData.access_token, // Bearer:type of Token
    };

    var GetUserInformation = function () {

        var config = {
            "async": true,
            "crossDomain": true,
            "url": ApiBaseUrl + "/GetUserInformation", // user defined route
            "method": "GET",
            "headers": headers
        };

        $.ajax(config).done(function (response) {
            if (response) {
                return ShowUserInformation(response);
            } else return null;
        });
    }
    var ShowUserInformation = function (response) {
        $scope.User_EmailAddress = response.EmailAddress;
        $scope.User_FirstName = response.FirstName;
        $scope.User_LastName = response.LastName;
    }

I think the token should be in all request headers for getting and updating the current user's information in the database, because of security.

Upvotes: 0

Hien Nguyen

Reputation: 18973

You must add customized claims after a user authenticates so you can use them afterwards.

    identity.AddClaim(new Claim(ClaimTypes.Email, user.Email));

Here is a sample that adds the email to the claims.

    public ActionResult Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = _AccountService.VerifyPassword(model.UserName, model.Password, false);
            if (user != null)
            {
                var identity = new ClaimsIdentity(
                    new[] { new Claim(ClaimTypes.Name, model.UserName), },
                    DefaultAuthenticationTypes.ApplicationCookie,
                    ClaimTypes.Name,
                    ClaimTypes.Role);

                identity.AddClaim(new Claim(ClaimTypes.Role, user.Role));
                identity.AddClaim(new Claim(ClaimTypes.GivenName, user.Name));
                identity.AddClaim(new Claim(ClaimTypes.Email, user.Email));

                AuthenticationManager.SignIn(new AuthenticationProperties
                {
                    IsPersistent = model.RememberMe
                }, identity);

                return RedirectToAction("Index", "Home");
            }
            else
            {
                ModelState.AddModelError("", "Invalid username or password.");
            }
        }

        return View(model);
    }

Upvotes: 1
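
The following is an added example, not code from either answer or from the question. It puts the two cases the answers describe side by side: a request with no token (anonymous identity) and an authenticated identity whose sign-in never added the email claim, next to one that did. The `CurrentUser` helper, the `"Bearer"` authentication type string and the sample user values are assumptions constructed for the illustration.

```csharp
// Added example: only System.Security.Claims is used, so it runs as a console app.
using System;
using System.Security.Claims;

public static class CurrentUser
{
    // Hypothetical helper: returns the email claim of an authenticated principal, or null.
    public static string GetEmail(ClaimsPrincipal principal)
    {
        // Without a valid token or cookie the identity is anonymous
        // (IsAuthenticated is false) and carries no claims to read.
        if (principal?.Identity == null || !principal.Identity.IsAuthenticated)
            return null;

        // FindFirst returns null when the claim is absent and does not throw
        // when it appears more than once, unlike SingleOrDefault.
        return principal.FindFirst(ClaimTypes.Email)?.Value;
    }
}

public static class Program
{
    public static void Main()
    {
        // Case 1: no Authorization header was sent, so the identity is anonymous.
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        // Case 2: authenticated, but sign-in never added ClaimTypes.Email.
        var noEmail = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice") }, "Bearer"));

        // Case 3: authenticated, and the email claim was added at sign-in.
        var withEmail = new ClaimsPrincipal(new ClaimsIdentity(
            new[]
            {
                new Claim(ClaimTypes.Name, "alice"),
                new Claim(ClaimTypes.Email, "alice@example.test"), // constructed value
            }, "Bearer"));

        Console.WriteLine(CurrentUser.GetEmail(anonymous) ?? "(null)");
        Console.WriteLine(CurrentUser.GetEmail(noEmail) ?? "(null)");
        Console.WriteLine(CurrentUser.GetEmail(withEmail) ?? "(null)");
    }
}
```

Only the third case yields an email; the first two are the NULL response described in the question. In a Web API controller the principal to check is the controller's `User` property.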
