Using ConfigureFunctionsWebApplication and AddHttpContextAccessor but injected IHttpContextAccessor _httpContextAccessor is always null

[silverleafsolutions]

I integrated the DarkLoop.Azure.Functions.Authorization.Isolated Nuget package into my .NET 9 isolated Function App project, and it works great overall. But I had a CurrentUserService I was using before that worked fine, but once I implemented DarkLoop, it seems to have stopped working. In the constructor, IHttpContextAccessor httpContextAccessor is always null, no matter what. Here is that class:

namespace MyFunctionApp.Core.Services
{
    public class CurrentUserService : ICurrentUserService
    {
        private readonly IHttpContextAccessor _httpContextAccessor;

        public CurrentUserService(IHttpContextAccessor httpContextAccessor)
        {
            _httpContextAccessor = httpContextAccessor;
        }

        public string? UserId
        {
            get
            {
                return _httpContextAccessor.HttpContext?.User?.FindFirstValue(JwtRegisteredClaimNames.Sub);
            }
        }

        public string? Username
        {
            get
            {
                return _httpContextAccessor.HttpContext?.User?.FindFirstValue(ClaimTypes.Name);
            }
        }
    }
}

I've tried moving the statements in my Program.cs around, but nothing changes the fact that the httpContextAccessor is always null. Is there any way to continue using the CurrentUserService, or am I going to have to completely refactor it or use something else entirely?

Here is my Program.cs:

using DarkLoop.Azure.Functions.Authorization;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.Azure.Functions.Worker;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
using System.Text;

var builder = Host
    .CreateDefaultBuilder(args)
    .ConfigureFunctionsWebApplication(builder =>
    {
        builder.UseFunctionsAuthorization();
        builder.Services.AddHttpContextAccessor();
    })
    .ConfigureServices((ctx, services) =>
    {
        var config = ctx.Configuration;

        // Key Vault
        services.AddSingleton<IKeyVaultService, KeyVaultService>();

        // Application services & HTTP client
        services.AddApplicationServices();

        // Identity
        services.AddIdentityCore<ApplicationUser>(opts =>
        {
            opts.Password.RequireDigit = true;
            opts.Password.RequireLowercase = true;
            opts.Password.RequireUppercase = true;
            opts.Password.RequireNonAlphanumeric = false;
            opts.Password.RequiredLength = 8;
        })
            .AddRoles<IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        // JWT Authentication & Authorization Policies
        services
            .AddFunctionsAuthentication(JwtFunctionsBearerDefaults.AuthenticationScheme)
            .AddJwtFunctionsBearer(options =>
            {
                options.SaveToken = true;
                options.RequireHttpsMetadata = true;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.Zero
                };
            });

        services.AddFunctionsAuthorization(opts =>
        {
            opts.ConfigurePolicies();
        });

        // Current user & EF interceptor
        services.AddScoped<ICurrentUserService, CurrentUserService>();
        services.AddScoped<AuditableEntityInterceptor>();

        // Build the service provider.
        var sp = services.BuildServiceProvider();
        var keyVaultService = sp.GetRequiredService<IKeyVaultService>();

        // Resolve JWT settings from KeyVault
        var jwtSettingsJson = keyVaultService
            .GetSecretAsync(Constants.KEYVAULT_KEY_JWT_TOKEN_SETTINGS_JSON)
            .GetAwaiter().GetResult();
        var jwtSettings = System.Text.Json.JsonSerializer.Deserialize<JwtTokenSettings>(jwtSettingsJson ?? "", JsonHelper.GetDefaultJsonSerializerOptions())!;

        // Resolve JWT settings from KeyVault.
        services.PostConfigure<JwtBearerOptions>(
            JwtFunctionsBearerDefaults.AuthenticationScheme,
            options =>
            {
                options.TokenValidationParameters.IssuerSigningKey =
                    new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecretKey));
                options.TokenValidationParameters.ValidAudience = jwtSettings.Audience;
                options.TokenValidationParameters.ValidIssuer = jwtSettings.Issuer;
                options.TokenValidationParameters.ValidateIssuerSigningKey = true;
                options.TokenValidationParameters.ValidateIssuer = true;
                options.TokenValidationParameters.ValidateAudience = true;
                options.TokenValidationParameters.ValidateLifetime = true;
                options.TokenValidationParameters.ClockSkew = TimeSpan.Zero;
            });
    });

var host = builder.Build();
host.Run();

Lastly, I have the AuditableEntityInterceptor class that needs CurrentUserService to get the current user's ID, but it obviously doesn't work right now either:

namespace MyProject.Infrastructure.Data.Interceptors
{
    public class AuditableEntityInterceptor : SaveChangesInterceptor
    {
        private readonly ICurrentUserService _currentUserService;

        public AuditableEntityInterceptor(ICurrentUserService currentUserService)
        {
            _currentUserService = currentUserService;
        }

        public override InterceptionResult<int> SavingChanges(DbContextEventData eventData, InterceptionResult<int> result)
        {
            UpdateEntities(eventData.Context);
            return base.SavingChanges(eventData, result);
        }

        public override ValueTask<InterceptionResult<int>> SavingChangesAsync(DbContextEventData eventData, InterceptionResult<int> result, CancellationToken cancellationToken = default)
        {
            UpdateEntities(eventData.Context);
            return base.SavingChangesAsync(eventData, result, cancellationToken);
        }

        private void UpdateEntities(DbContext? context)
        {
            if (context == null)
            {
                return;
            }

            var userId = _currentUserService.UserId;
            var now = DateTime.UtcNow;

            foreach (var entry in context.ChangeTracker.Entries().Where(e => e.Entity is BaseEntity<object>))
            {
                var entity = entry.Entity as BaseEntity<object>;
                if (entity == null)
                {
                    continue;
                }

                if (entry.State == EntityState.Added)
                {
                    entity.CreatedBy = userId ?? string.Empty;
                    entity.CreatedDate = now;
                }
                else if (entry.State == EntityState.Modified)
                {
                    entity.LastModifiedBy = userId;
                    entity.LastModifiedDate = now;
                }
                else if (entry.State == EntityState.Deleted)
                {
                    entry.State = EntityState.Modified;
                    entity.IsDeleted = true;
                    entity.DeletedBy = userId;
                    entity.DeletedDate = now;
                }
            }
        }
    }
}

[acnicholls-kroll]

I had to implement a FunctionContextAccessor middleware to make this work, and even then couldn't use the HttpContextAccessor to get the HttpContext.

the FunctionContext has a method GetHttpContext(), and the HttpContextAccessor will never work.

see this URL for details: https://gist.github.com/dolphinspired/796d26ebe1237b78ee04a3bff0620ea0

[silverleafsolutions]

Thank you for the tips!

I finally ended up getting a solution in place that works. Does this look like a valid solution? It's at least somewhat different from the solution in the link you included. I'll post this here, to hopefully help others with similar issues.

In my Program.cs, I used:

var builder = Host
    .CreateDefaultBuilder(args)
    .ConfigureFunctionsWebApplication(builder =>
    {
        builder.UseFunctionsAuthorization();

        builder.UseCurrentPrincipalMiddleware();
    })
    .ConfigureServices((ctx, services) =>
    {
        services.AddScoped<ICurrentPrincipalService, CurrentPrincipalService>();
        services.AddScoped<ICurrentUserService, CurrentUserService>();
    });

The middleware:

public class CurrentPrincipalMiddleware : IFunctionsWorkerMiddleware
{
    public async Task Invoke(FunctionContext context, FunctionExecutionDelegate next)
    {
        // Get the IServiceProvider from the FunctionContext.
        var serviceProvider = context.InstanceServices;

        // Resolve ICurrentPrincipalService
        var principalService = serviceProvider.GetRequiredService<ICurrentPrincipalService>();

        // Get HttpContext from FunctionContext (if available).
        var httpContext = context.GetHttpContext();
        if (httpContext != null)
        {
            // Set the ClaimsPrincipal in the scoped service.
            principalService.Principal = httpContext.User;
        }
        else
        {
            // Optional: Set a default or null Principal for non-HTTP triggers.
            principalService.Principal = null;
        }

        // Call the next middleware in the pipeline.
        await next(context);
    }
}

public static class FunctionsWorkerApplicationBuilderExtensions
{
    public static IFunctionsWorkerApplicationBuilder UseCurrentPrincipalMiddleware(this IFunctionsWorkerApplicationBuilder builder)
    {
        return builder.UseMiddleware<CurrentPrincipalMiddleware>();
    }
}

public interface ICurrentPrincipalService
{
    public ClaimsPrincipal? Principal { get; set; }
}

public class CurrentPrincipalService : ICurrentPrincipalService
{
    public ClaimsPrincipal? Principal { get; set; }
}

And finally, after including all this code, the CurrentUserService had access to the ICurrentPrincipalService that had the Principal filled out and usable!

public class CurrentUserService : ICurrentUserService
{
    private readonly ICurrentPrincipalService _principalService;

    public CurrentUserService(ICurrentPrincipalService principalService)
    {
        _principalService = principalService;
    }

    public string? UserId
    {
        get
        {
            return _principalService.Principal?.FindFirstValue(ClaimTypes.NameIdentifier);
        }
    }

    public string? Username
    {
        get
        {
            return _principalService.Principal?.FindFirstValue(ClaimTypes.Name);
        }
    }
}

[acnicholls-kroll]

var builder = Host
.CreateDefaultBuilder(args)
.ConfigureFunctionsWebApplication(builder =>

I would suggest not using HostBuilder and instead use FunctionsApplication.CreateBuilder(string[] args)

I ran into deployment problems when using HostBuilder.

Otherwise, this looks like a usable solution to the problem!

[silverleafsolutions]

Ok, interesting. I tried changing my function app code to that, but I keep getting this error in VS:

'FunctionsApplicationBuilder' does not contain a definition for 'ConfigureFunctionsWebApplication' and the best extension method overload 'FunctionsHostBuilderExtensions.ConfigureFunctionsWebApplication(IHostBuilder, Action)' requires a receiver of type 'Microsoft.Extensions.Hosting.IHostBuilder'

using Microsoft.Azure.Functions.Worker.Builder;

var builder = FunctionsApplication.CreateBuilder(string[] args)
    .ConfigureFunctionsWebApplication(builder =>
    {
        builder.UseFunctionsAuthorization();

        builder.UseCurrentPrincipalMiddleware();
    })
    .ConfigureServices((ctx, services) =>
    { });

[acnicholls-kroll]

that's because .ConfigureFunctionsWebApplication() doesn't accept a predicate when on FunctionsHostBuilder. You declare your middleware OUTSIDE of that extension.

var host = FunctionsApplication.CreateBuilder(args);
host.ConfigureFunctionsWebApplication();

Console.WriteLine($@"Starting Middleware Configuration...");
host.UseMiddleware<Middleware1>();
host.UseMiddleware<Middleware2>();
host.UseMiddleware<Middleware3>();
host.UseMiddleware<Middleware4>();
host.UseMiddleware<Middleware5>();
Console.WriteLine($@"Middleware Configuration complete.");

[artmasa]

Hi @silverleafsolutions,
I don't think you need any of this. Once you add authorization your principal will be part of your functions.
If you see the sample functions in this project, you can see how the authorization process assigns the principal to context.

[Function("TestFunction")]
[Authorize]
public async Task<IActionResult> Run([HttpTrigger("get", "post")] HttpRequest req)
{
    _logger.LogInformation("C# HTTP trigger function processed a request.");

    var principal = req.HttpContext.User;
}

This is one of the advantages of these extensions.

Unless you need this for other types you want injected into your functions class, but again, every request makes it available to your scoped services. Have you tried injecting FunctionContext into other services?