AuthContext.IsPeerAuthenticated should return true if User.Identity.IsAuthenticated does
#2537
Labels
enhancement
New feature or request
Comments
|
AuthContext is legacy from the older Grpc.Core implementation. The docs don't talk about it because getting the identity from HttpContext is better. It wouldn't be difficult to change the IsPeerAuthenticated flag to be true based on It's probably best to have docs to say to not worry about the auth context and get that information from |
|
At the very least, update the docs rather sooner than later, because after reading grpc-dotnet/src/Grpc.Core.Api/AuthContext.cs Lines 28 to 29 in b1df3e4 I felt almost "forced" to make IsPeerAuthenticated return true, if the user got authenticated via MSAL.. 🙈😅
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
After loads of trial & error (no offense, but some docs are confusing for beginners), it seems my Blazor WASM standalone app authenticates Azure B2C users via MSAL correctly - except for 1 thing:
context.AuthContext.IsPeerAuthenticatedalways returnsfalse, even ifcontext.GetHttpContext().User.Identity.IsAuthenticatedreturnstrue.Since the docs for
AuthContext.PeerIdentityPropertyNamestate:… I looked at the code which clarified that
IsPeerAuthenticatedreturnstrueas soon as the former just isn'tnull- but that doesn't always seem to get set properly.From what I could find (mainly 2 unit tests in this repo), the C# implementation solely focuses on authentication via certificates, because if the underlying
HttpContextcontains aClaimsPrincipalwith anIIdentitywhoseIsAuthenticatedis true, gRPC seems to "simply not care".Describe the solution you'd like
Please, for Padawan-like developers like me, i.e., those struggling with authentication & authorization, enable that authenticated users (= those with an
HttpContextcontaining aClaimsPrincipalwhoseIIdentity.IsAuthenticatedevaluates totrue), can be easily checked/identified viacontext.AuthContext.IsPeerAuthenticated, too.Because otherwise
context.GetHttpContext()needs to be called on each & every method call.Describe alternatives you've considered
Continuing to use either workaround:
context.GetHttpContext().User.Identity.IsAuthenticatedinside each overwritten method.AuthenticationInterceptorwhich overrides 9 (!) methods to evaluate theIIdentityproperty & in the event of it beingtruesort of "modifies" the existingServerCallContextby cloning everything from it, except for theAuthContextwhich is replaced with one that hasIsPeerAuthenticatedreturntrue.Additional context
The docs regarding
AuthContextshould be improved to make its content as well as usage clearer - maybe even by adding a usage example for the scenario I just described.The text was updated successfully, but these errors were encountered: