#SharePointProblems | Koskila.net
Solutions are worthless unless shared! Antti K. Koskela's Personal Professional Blog

Current User in ASP.NET Core

koskila
Reading Time 5 min
Word Count 778 words
Comments 60 comments
Rating 4.4 (18 votes)
#aspnetcore #blazor #c #ef-core
View
Share on X Share on LinkedIn Share on Facebook Share on Bluesky Share via Email

This post describes how to get the currently logged-in user using ASP.NET Core. This is compared with how it's done in ASP.NET Framework.

Background

In ASP.NET Core (and .NET Core in general), a lot of things are done a bit differently than what you might be used to if you're coming from the .NET Framework world. That's what I've been learning building more and more stuff with it, instead of good old .NET Framework. The learning curve is definitely there, but it's not that bad - most of the things work in a similar fashion, but a huge number of details are different.

In ASP.NET Framework, you'd do this by accessing HttpContext.Current.User and its properties (see below for an example), in .NET Core this is handled via dependency injection.

var username = HttpContext.Current.User.Identity.Name;

You can't do this in (most versions of) .NET Core. How to do it there, then?

Solution

Let's go through the steps first on a high level, and then take a closer look below.

Time needed: 10 minutes.

How to get the current user in ASP.NET Core?

  1. Make sure your application has permissions to request user properties or claims

    We obviously need to make sure our app actually gets enough information from AAD. That means your Azure AD app registration needs to be properly configured.

    Explaining this takes a while - it's described in a separate blog post. See details here.

  2. Modify your app startup to add the required background services

    ConfigureServices() needs a quick tweak to enable us to access HttpContext.

    See a code sample here.

  3. Implement the property/claim enumeration in your code

    Okay - so now we'll access the user context and find a claim we like!

    The code is lengthy, so it's described a little bit further down in the article. See a sample and details here.

Now, that's good - let's take a closer look at these 3 steps below!

Background

Now I'll describe how to manage user identity when developing your application - before that, you need to configure your application registration so that your identity provider supplies you with the user information in the first place. For Azure AD, see my other post, here:
https://www.koskila.net/iterating-group-memberships-using-claims-in-net-core/

When that all is done, let's jump into how you can access User/Identity in your program!

Modify your Startup

First, you add this to your Startup.cs -file's using statements:

using Microsoft.AspNetCore.Http

And then, in ConfigureServices:

public void ConfigureServices(IServiceCollection services)
{
  // omitted for clarity
  services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
}

Or if you're at least on .NET Core 3.0, you can do this as well:

public void ConfigureServices(IServiceCollection services)
{
  // omitted for clarity
  services.Add<HttpContextAccessor>();
}

Accessing the User Properties in your code

Then you add these pieces of code to your Controller, database context, or other class:

  1. Private variable to hold the injected reference to our HttpContextAccessor
  2. New variable with the correct type (or interface) to the class constructor (like IHttpContextAccessor httpContextAccessor below)
  3. Assignment from the injected variable (in the constructor) to the hidden private variable (to make the reference available outside the constructor)

Below, my code is shown accessing the HttpContext (and through that, Current User) in a DbContext class. It's assigned in the constructor, after which you may use it in any other method!

private readonly IHttpContextAccessor _httpContextAccessor;

public ApplicationDbContext(DbContextOptions options, IHttpContextAccessor httpContextAccessor) : base(options)
{
   _httpContextAccessor = httpContextAccessor;
}

For our little example call further below, you'll need to add a reference to Claims like this:

using System.Security.Claims;

And finally, you call it like this - for example, to get the reference to the user, and grab their id:

var userId = _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value;

This can be injected to Controllers and Views, Custom Components and if need be, properties passed to background Threads (don't pass the context! That'll break.)

How does this work with Blazor pages?

Ahh, Blazor - the cool kid on the block! Blazor pages require the same set-up (Startup.cs stuff), but you can just inject the service like this:

@page "/"

@using System.Security.Claims

@inject Microsoft.AspNetCore.Http.IHttpContextAccessor _httpContextAccessor

<h1>Hello, world!</h1>

Welcome to your new app, @user.

<SurveyPrompt Title="How is Blazor working for you?" />

@code {

    private string user = "";

    protected override void OnInitialized()
    {
        user = _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value;

        base.OnInitialized();
    }
}

Nice and easy!

What about pure & classic Razor pages?

Okay, so here it's different because Razor takes care of some of the background work for you. If you're using Razor pages, you can just do this:

@{
    var username = HttpContext.User.Identity.Name;
}

That's because Razor exposes HttpContext in Razor.Component.

And with this, you should be good! :)

Did it help? Or is it lacking in detail? Any other comments? Let me know in the comments section below!

Share on X Share on LinkedIn Share on Facebook Share on Bluesky Share via Email

Related Posts

How to disable "Register" action in ASP.NET Core?

5y agoby koskila
#aspnetcore#authentication#c...

How to add creator/modified info to all of your EF models at once in .NET Core

5y agoby koskila
#aspnetcore#ef-core#entityframeworkcore

How to use UriHelper or NavigationManager in .NET Core 3.0 & Blazor?

5y agoby koskila
#aspnetcore#blazor#netcore...

Comments

Interactive comments not implemented yet. Showing legacy comments migrated from WordPress.
Andrew Barzyk
2019-07-21 10:30:41)
Sorry, as many comments start... I'm new to EF... I added the code to my DB Context and am getting this error: InvalidOperationException: The DbContext of type 'AppDbContext' cannot be pooled because it does not have a single public constructor accepting a single parameter of type DbContextOptions. Any chance you could explain in more detail how you "add this to your Controller, database context or other class?"
Antti K. Koskela
2019-07-26 10:42:14
Hi Andrew, Thanks for your comment - that's a valid point, the part should be clearer. I clarified it a bit - what you need to add, is the injection to the constructor. Your error might or might not be related to this requirement, though - but give it a try and see if it helps!
Amit Sadashiv Patil
2019-07-31 07:19:28)
When I am doing the above procedure in one of my controller class, it works. I am able to see the username. But when I do this procedure in my ApplicationDbContext (InterviewSchedulerContext class in my case) class, the above-mentioned solution does not work. I am getting "Microsoft.AspNetCore.Http.IHttpContextAccessor.HttpContext.get returned null" error. Error details: System.NullReferenceException HResult=0x80004003 Message=Object reference not set to an instance of an object. Source=InterviewScheduler StackTrace: at InterviewScheduler.Entities.InterviewSchedulerContext..ctor(DbContextOptions`1 options, IHttpContextAccessor httpContextAccessor) in C:\Users\amipatil\source\repos\InterviewScheduler 1857 83326\InterviewScheduler\Entities\InterviewSchedulerContext.cs:line 22 Could you help me out? Thank you in advance.
Antti K. Koskela
2019-08-03 02:05:58
Hi Amit, It does work for me in the DbContext class as well... Need to check this when I'm on my PC, but which .NET Core version are you on? And what are you trying to do in the DbContext exactly?
John Hermsen
2019-09-16 08:00:44
Hi Amit, EFCore uses an InternalServiceProvider which is different from the ApplicationServiceProvider. To access the application service provider you can use the IDbContextOptions service. E.g. constructor: public MyContext(IDbContextOptions dbContextOptions) { var coreOptionsExtension = _dbContextOptions?.FindExtension(); var context Accessor = coreOptionsExtensions.ApplicationServiceProvider.GetService(); } Hope this helps.
Alan
2019-08-15 18:02:55)
Hi Antti, Thanks for taking the time to post, but this isn't working for me at all. The 'FindFirst' method is returning NULL. When I inspect the _httpContextAccessor object, it doesn't appear to have a user information either. Do I need to run my app under IIS (full - not express) ? Do I need to try this with IE or Edge instead of Google Chrome? I'm currently using ASP.net Core 2.2 with Visual Studio 2019 Community and Chrome. Thanks, Alan
Antti K. Koskela
2019-08-15 18:45:31
Hi Alan, My dev configuration is Chrome or Brave with IIS Express (and the browser shouldn't make any difference anyway), so toolwise you should be good. What's the authentication method you have configured? Does registering a new user and accessing the site as them change the situation at all? I've applied the same configuration for .NET Core 2.1, 2.2 and 3.0 (preview 7) projects, so it should be functional.
Kanika
2019-09-04 03:42:15)
Can you please elaborate this.. unable to catch you after second step!
Ivan Salo
2019-09-16 04:43:51)
Hi Antti, I am getting an error in EF Core 2.2 The DbContext of type 'DataContext' cannot be pooled because it does not have a single public constructor accepting a single parameter of type DbContextOptions. Can you suggest how to resolve it? Thanks, Ivan Salo.
Antti K. Koskela
2019-09-26 10:27:51
Hi Ivan, Either switch to non-pooled version of the DbContext: services.AddDbContextPool -> services.AddDbContext Or make sure you have just 1 constructor for your DbContext accepting a parameter of type DbContextOptions. Cheers!
kintela
2019-11-07 12:04:56)
Hi Antti, I'm trying this in my webAPI project hosted in web site in IIS with Windows Authentication enabled I have this in my controller [Route("empleados")] public class EmployeeController : Controller { private readonly IMediator mediator; private readonly IHttpContextAccessor httpContextAccesor; public EmployeeController(IMediator mediator, IHttpContextAccessor httpContextAccesor) { this.mediator = mediator; this.httpContextAccesor = httpContextAccesor; } [HttpGet] [Route("")] public IActionResult Get() { var userId = this.httpContextAccesor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value; return Ok(userId); } But when I make the call I get the pop up to start session and then HTTP ERROR 500 Any idea, please? Thanks
Antti K. Koskela
2019-11-08 15:00:02
Hi kintela, Thanks for your comment! I'm on the road without access to my laptop, but a couple of questions did cross my mind: - have you referenced system.security.claims? - if you debug your code, do you get a value for the User object? Cheers!
Tian
2019-12-06 05:09:29)
Thanks for post, but when I call var userId = _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value; it return name of user. How can I found userId. Thanks
Antti K. Koskela
2019-12-10 21:34:21
Hi Tian, I suppose that depends on the authentication configuration and what you mean by userId. For example, with Azure AD (which is my typical configuration), you should be looking for a claim called "http://schemas.microsoft.com/identity/claims/objectidentifier". Hence in the code, you can do something like this: _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).FindFirstValue("http://schemas.microsoft.com/identity/claims/objectidentifier"); Whereas the code below should return an internal ID used by your authentication middleware (or at least, that's what I suppose it is - never had to do any digging, to be honest - perhaps it works differently for different authentication methods!): _httpContextAccessor.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier); If you're using built-in identities (instead of relying on external authentication), you'll have the id in your entities directly. Hope this helps - if it doesn't, feel free to tell me more about your use case!
Lars Torbjörn Linden
2020-02-09 01:52:27
UserName = claimsPrincipal.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Name)?.Value, Roles = claimsPrincipal.Claims.Where(c => c.Type == ClaimTypes.Role).Select(c => c.Value).ToArray(), Email = claimsPrincipal.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Upn)?.Value, FirstName = claimsPrincipal.Claims.SingleOrDefault(c => c.Type == ClaimTypes.GivenName)?.Value, LastName = claimsPrincipal.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Surname)?.Value
ThisIs TheList
2020-01-01 21:23:56)
Just wanted to say that on an ASP NET CORE 3.1 + Identity4 + Login project, I was able to follow the directions you provided in this article and successfully retrieve the current user information from within a method in a Web API Controller. That was something I was struggling with after moving from a CORE 2 + older Identity project to the latest/greatest. Thanks for the clear explanation.
Antti K. Koskela
2020-01-04 23:05:39
Thanks for the comment! Really happy to hear that - it's a neverending task to get articles like this stay up-to-date, but as long as they are of help, it's worth it. Cheers!
Deepthi
2020-02-05 01:42:29)
Hi, I have a .net core 2.2 web application where the Signin happens using the following code await _httpContextAccessor.HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties); The values of httpContextAccessor.httpContext.user.identity.name are retained properly for further requests and works in VS2017 in devlopment environment. But on deploying to server with IIS the same code doesn't work and the values for httpContextAccessor.User.Identity.Name is returning empty. Any idea what the problem is? Any help will be greatly appreciated. Thanks
Antti K. Koskela
2020-02-10 23:12:07
Hi Deepthi, Thanks for your question! What's your authentication scheme and how did you configure authentication in your IIS? Cheers!
Sam B
2020-02-10 23:50:11)
Hello, Thanks so much for the guide. Im currently using Dapper as my ORM to make data calls for my identity user. I referenced- https://markjohnson.io/articles/asp-net-core-identity-without-entity-framework/ and am wondering how to set up the httpcontextaccessor without a dbcontext class. Any insight is helpful :) Thanks, SB
Antti K. Koskela
2020-04-09 21:55:28
Hi Sam, I couldn't open the link you pasted - but let me try and reply anyway: The DbContext is just an example, it's simply the constructor where I needed to use the injected httpcontextaccessor. Instead, you can inject it into any Controller or View just like any other injected service :)
Mike Boutelle
2020-03-04 20:17:11)
it appears that in .NET Core 3.1 the functionality has been restored so that the answer becomes that var username = HttpContext.User.Identity.Name; does return the current user.
Antti K. Koskela
2020-04-09 21:52:28
Hi Mike, Thanks for the heads-up! Argh, they keep changing a couple of these things around... I need to update the article some day soon again!
Srikanth Bollojula
2020-04-26 23:02:52)
helped me
Antti K. Koskela
2020-04-26 23:58:08
Happy to hear that!
Aravind
2020-07-15 06:23:10)
I assume this needs to have the controller or the method decorated with [Authorize] attribute. Is there a way to get the current logged in windows user id/info without using the [Authorize] decoration and having the IIS configured with Windows auth and Anonymous auth together? I am using web api with Angular, and that needs Anonymous auth for pre-flight requests, and then i need the currently logged on windows user (as its internal app) from the api, using HttpContext or by any other means to get the windows user name.
Antti K. Koskela
2020-07-18 21:46:44
Hi Aravind, and thanks for your question! While I haven't used this method with Windows authentication myself, I reckon it should work just fine with it. Just check whether the User property is populated or not to see if your code is run in an authenticated context or not. I don't have much experience with Angular, but I suppose you COULD configure the authentication middleware to ignore OPTIONS requests and only require authentication for other requests? Something like this: https://github.com/aspnet/CORS/issues/60
Hamed Naseri
2021-07-28 09:16:14)
Thanks a lot for sharing. Your post saved me lots of time.
Antti K. Koskela
2021-08-01 00:40:13
Cheers, Hamed - my pleasure!
Carlo
2022-06-14 01:51:22)
Antti K. Koskela

                                            
2022-06-27 12:38:41

                                        
Hi Carlo,

Thanks for your comment! I can see there's a code block in it, but no code - not sure if it just failed to save? 😅
Hello

                        
2022-06-16 19:12:22)

                    
Can you update this for .net core 6? :)
Antti K. Koskela

                                            
2023-03-10 22:40:11

                                        
I should, whenever I find the time to clean up some code samples again... 😄
zet

                        
2022-08-05 14:10:48)

                    
i have [USER(userID,username,password)] table, and [ROLE(roleID,roleName)] table, linked with a mapping table, [USER_ROLE(userID,roleID)]
I am login in as John, my role is Admin, how do i display this role in my _Layout.cshtml upon successful login,
And also my role based authorization is not working
Vikram

                        
2022-10-13 10:44:57)

                    
I suppose it is much easier to do now in new .net core

in Controller


    private readonly UserManager<ApplicationUser> _userManager;
    
    public HomeController(UserManager<ApplicationUser> userManager)
    {
        _userManager = userManager;
    }
 
    public async Task<IActionResult> Index()
    {
        var userId =  User.FindFirstValue(ClaimTypes.NameIdentifier) // will give the user's userId
    }


That's it.
You can take a look here also:
https://qawithexperts.com/questions/537/how-to-get-currently-logged-in-userid-in-aspnet-core
Antti K. Koskela

                                            
2023-03-10 22:40:50

                                        
Hi Vikram,

It's always nice to see things getting easier.. Thanks for sharing! 😁


        
        
← Back to home





            
            


        
github
                x
                linkedin
                dev.to
                bluesky
                sessionize
                
            
            slideshare
                
            
            
            youtube
                thoughts on tech
                
            
            
            
            
            antti koskela
                
            
            
            
            
            

                
Whitewater Magpie Ltd.

                    

                    
© 2025

                
Static Site Generation timestamp: 2025-08-21T07:25:06Z