"Session has not been configured for this application or request" error when using IHttpContextAccessor

Time:12-28

I created a custom authorization policy in ASP.NET Core on .NET 6. It works fine for my requirement; however, while debugging I found an error: "Session has not been configured for this application or request". I have already configured the session in my Program.cs. Should this error appear while debugging? Is there something still left to configure for the session? Please let me know if I need to provide additional details.

Debugging Error Screenshot : https://pasteboard.co/RuiKarjvJPuP.png

Authorization Handler:

using Microsoft.AspNetCore.Authorization;

namespace myApp.Security
{
    /// <summary>
    /// Authorization handler that grants <see cref="AccessRequirement"/> when the current
    /// user holds a claim whose type is the routed controller name and whose value names
    /// a permitted operation.
    /// </summary>
    /// <remarks>
    /// The handler only ever calls <c>Succeed</c>; it never calls <c>Fail</c>. If the HTTP
    /// context or the route values are missing, or no claim matches, the requirement is
    /// simply left unmet by this handler.
    /// NOTE(review): all comparisons use <c>==</c> on strings, i.e. ordinal and
    /// case-sensitive. Confirm that the "controller" and "action" route values reach this
    /// handler in the same casing the claims were issued with, otherwise access is denied.
    /// </remarks>
    public class CrudAccessHandler : AuthorizationHandler<AccessRequirement>
    {
        private readonly IHttpContextAccessor httpContextAccessor;

        /// <summary>Creates the handler.</summary>
        /// <param name="httpContextAccessor">Accessor used to read the current request's route values.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="httpContextAccessor"/> is null.</exception>
        public CrudAccessHandler(IHttpContextAccessor httpContextAccessor)
        {
            if (httpContextAccessor == null)
            {
                throw new ArgumentNullException(nameof(httpContextAccessor));
            }

            this.httpContextAccessor = httpContextAccessor;
        }

        /// <summary>
        /// Marks <paramref name="requirement"/> as satisfied when the user has a claim
        /// (type = controller name) whose value is the action name, "Read" for the
        /// "Index" action, or "Create" for the "Clone" action.
        /// </summary>
        /// <param name="context">Authorization context carrying the user's claims.</param>
        /// <param name="requirement">The requirement being evaluated.</param>
        /// <returns>A completed task; the work is synchronous.</returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
        {
            // Route values are taken from the request that is currently being authorized.
            var routeValues = httpContextAccessor.HttpContext?.Request.RouteValues;
            string? controllerName = routeValues?["controller"]?.ToString();
            string? actionName = routeValues?["action"]?.ToString();

            // Without a controller name no claim can match, so the requirement stays unmet.
            if (controllerName == null)
            {
                return Task.CompletedTask;
            }

            // Succeeds the requirement when the user holds (controllerName, permission).
            void SucceedIfPermitted(string permission)
            {
                bool permitted = context.User.HasClaim(
                    candidate => candidate.Type == controllerName && candidate.Value == permission);

                if (permitted)
                {
                    context.Succeed(requirement);
                }
            }

            // Direct match: the claim value is the action name itself.
            if (actionName != null)
            {
                SucceedIfPermitted(actionName);
            }

            // "Index" is additionally covered by the "Read" permission.
            if (actionName == "Index")
            {
                SucceedIfPermitted("Read");
            }

            // "Clone" is additionally covered by the "Create" permission.
            if (actionName == "Clone")
            {
                SucceedIfPermitted("Create");
            }

            return Task.CompletedTask;
        }
    }
}

Program.cs:

using myApp.Data;
using MyApp.Interfaces;
using MyApp.Models;
using MyApp.Security;
using MyApp.Services;
using MyApp.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.UI.Services;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

// EF Core context (pooled) backed by SQL Server; the connection string is read from configuration.
builder.Services.AddDbContextPool<ApplicationDbContext>(options => 
    options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
// ASP.NET Core Identity with EF stores, the default token providers and the default UI.
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>().AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders().AddDefaultUI();
builder.Services.AddTransient<IEmailSender, MailSender>();

// Password policy: only the minimum length is set here (8 characters).
builder.Services.Configure<IdentityOptions>(options =>
{
    options.Password.RequiredLength = 8;
});
// In-memory IDistributedCache used as the session backing store (per process, not shared across instances).
builder.Services.AddDistributedMemoryCache();
// Session services: 30-minute idle timeout, cookie hidden from client script (HttpOnly),
// and marked essential so it is written regardless of cookie-consent state.
// NOTE(review): Cookie.SecurePolicy is not set in this snippet; since the app redirects to
// HTTPS, consider CookieSecurePolicy.Always so the session cookie is never sent over plain HTTP.
builder.Services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromMinutes(30);
    options.Cookie.HttpOnly = true;
    options.Cookie.IsEssential = true;
}
);
// Unauthenticated users are sent to this path by the Identity application cookie.
builder.Services.ConfigureApplicationCookie(options =>
{
    options.LoginPath = "/Account/Login";
});


// Global antiforgery validation: applied to every action for unsafe HTTP methods (e.g. POST).
builder.Services.AddControllersWithViews(options => 
{ 
    options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
});

// Tokens issued by the data-protection token provider expire after 5 minutes.
builder.Services.Configure<DataProtectionTokenProviderOptions>(options =>
{
    options.TokenLifespan = TimeSpan.FromMinutes(5);
});

builder.Services.AddAuthorization(options =>
{
    // NOTE(review): the policy uses CrudAccessRequirement, while the CrudAccessHandler shown
    // on this page derives from AuthorizationHandler<AccessRequirement>. If these are two
    // different types the handler will not be invoked for this policy - confirm.
    options.AddPolicy(Helper.AccessPolicy, policy => policy.AddRequirements(new CrudAccessRequirement()));

    // Secure by default: endpoints without explicit authorization metadata require an authenticated user.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

// Authorization handlers are resolved from DI; a new instance is created per resolution (transient).
builder.Services.AddTransient<IAuthorizationHandler, SuperAdminHandler>();

builder.Services.AddTransient<IAuthorizationHandler, CrudAccessHandler>();

var app = builder.Build();

// Configure the HTTP request pipeline.
// Detailed exception pages are limited to the Development environment.
// NOTE(review): no production exception handler or HSTS is configured in this snippet.
if (app.Environment.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

// Middleware runs in the order it is registered below.
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
// NOTE(review): UseSession() is registered after UseAuthentication()/UseAuthorization(), so
// while those middlewares (and the authorization handlers they invoke) run, the session has
// not been set up for the request yet. Reading HttpContext.Session at that point throws
// "Session has not been configured for this application or request". Register UseSession()
// after UseRouting() and before UseAuthentication() if the session is needed there.
app.UseSession();
app.MapControllerRoute(name: "default", pattern: "{controller=Home}/{action=Index}/{id?}");

app.Run();

CodePudding user response:

I resolved my issue by changing the HTTP request pipeline order as follows:

app.UseRouting();
// Session middleware now runs before authentication/authorization, so the session is
// already set up on the request when the authorization handlers execute.
app.UseSession();

app.UseAuthentication();
app.UseAuthorization();

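This fixed my issue with .NET 6. Middleware runs in the order in which it is registered, so UseSession() has to come before UseAuthentication() and UseAuthorization() for the session to be available while the authorization handler runs.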
