RCommon.Web

ASP.NET Core integration for the RCommon security abstractions. Provides HttpContextCurrentPrincipalAccessor which resolves the current ClaimsPrincipal from HttpContext.User instead of Thread.CurrentPrincipal, making ICurrentUser, ICurrentClient, ITenantIdAccessor, and all claims-based security abstractions work correctly in web applications.

Features

HTTP context principal accessor -- HttpContextCurrentPrincipalAccessor reads the authenticated user from IHttpContextAccessor.HttpContext.User
One-line DI registration -- WithClaimsAndPrincipalAccessorForWeb() registers all security services wired to the HTTP context
Drop-in replacement -- use instead of WithClaimsAndPrincipalAccessor() in ASP.NET Core applications
Targets .NET 8, .NET 9, and .NET 10

Installation

dotnet add package RCommon.Web

Usage

Why This Package?

The default ThreadCurrentPrincipalAccessor (from RCommon.Security) reads from Thread.CurrentPrincipal, which is null in ASP.NET Core. This means ICurrentUser, ClaimsTenantIdAccessor, and all claims-based services silently return null in web apps.

HttpContextCurrentPrincipalAccessor bridges this gap by reading from HttpContext.User.

Registration

Replace WithClaimsAndPrincipalAccessor() with WithClaimsAndPrincipalAccessorForWeb() in your ASP.NET Core application:

using RCommon;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRCommon(config =>
{
    // Use this instead of config.WithClaimsAndPrincipalAccessor()
    config.WithClaimsAndPrincipalAccessorForWeb();
});

Type	Description
`HttpContextCurrentPrincipalAccessor`	`ICurrentPrincipalAccessor` implementation that reads from `HttpContext.User`
`WebConfigurationExtensions`	Provides `WithClaimsAndPrincipalAccessorForWeb()` extension method for DI registration

jasonmwebb/RCommon.Webv2.4.1

Get Started

Readme

RCommon.Web

Features

Installation

Usage

Why This Package?

Registration

Using Security Services

Key Types

Documentation

Related Packages

License