Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HttpContext/IHttpContextAccessor article #34592

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
+60 −16
Open

HttpContext/IHttpContextAccessor article #34592

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
c6ad091
HttpContext/IHttpContextAccessor article
guardrex Jan 29, 2025
d6d7a56
Updates
guardrex Jan 29, 2025
488415f
Updates
guardrex Jan 29, 2025
87eea52
Updates
guardrex Jan 30, 2025
723d440
Updates
guardrex Jan 30, 2025
ff0f4a7
Updates
guardrex Jan 30, 2025
91d44a4
Updates
guardrex Jan 31, 2025
f3313a2
Updates
guardrex Jan 31, 2025
c6bcac8
Merge branch 'main' into guardrex/blazor-http-context-coverage
guardrex Feb 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 24 additions & 1 deletion ...e/blazor/security/includes/httpcontext.md → aspnetcore/blazor/components/httpcontext.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,17 @@
---
title: IHttpContextAccessor/HttpContext in ASP.NET Core Blazor apps
author: guardrex
description: Learn about IHttpContextAccessor and HttpContext in ASP.NET Core Blazor apps.
monikerRange: '>= aspnetcore-3.1'
ms.author: riande
ms.custom: mvc
ms.date: 01/30/2025
uid: blazor/components/httpcontext
---
# `IHttpContextAccessor`/`HttpContext` in ASP.NET Core Blazor apps

[!INCLUDE[](~/includes/not-latest-version-without-not-supported-content.md)]

:::moniker range=">= aspnetcore-8.0"

<xref:Microsoft.AspNetCore.Http.IHttpContextAccessor> generally should be avoided with interactive rendering because a valid <xref:Microsoft.AspNetCore.Http.HttpContext> isn't always available.
Expand All @@ -11,7 +25,14 @@
public HttpContext? HttpContext { get; set; }
```

For scenarios where the <xref:Microsoft.AspNetCore.Http.HttpContext> is required in interactive components, we recommend flowing the data via persistent component state from the server. For more information, see <xref:blazor/security/additional-scenarios#pass-tokens-to-a-server-side-blazor-app>.
During interactive rendering, an <xref:Microsoft.AspNetCore.Http.HttpContext> instance might not even exist. For scenarios where the <xref:Microsoft.AspNetCore.Http.HttpContext> is required in interactive components, we recommend flowing context data with [persistent component state](xref:blazor/components/prerender#persist-prerendered-state) from the server.

For additional context in *advanced* edge cases&dagger;, see the discussion in the following articles:

* [HttpContext is valid in Interactive Server Rendering Blazor page (`dotnet/AspNetCore.Docs` #34301)](https://github.com/dotnet/AspNetCore.Docs/issues/34301)
* [Security implications of using IHttpContextAccessor in Blazor Server (`dotnet/aspnetcore` #45699)](https://github.com/dotnet/aspnetcore/issues/45699)

&dagger;Most developers building and maintaining Blazor apps don't need to delve into advanced concepts as long as the general guidance in this article is followed.

:::moniker-end

Expand All @@ -24,3 +45,5 @@ The recommended approach for passing request state to the Blazor app is through
A critical aspect of server-side Blazor security is that the user attached to a given circuit might become updated at some point after the Blazor circuit is established but the <xref:Microsoft.AspNetCore.Http.IHttpContextAccessor> ***isn't updated***. For more information on addressing this situation with custom services, see <xref:blazor/security/additional-scenarios#circuit-handler-to-capture-users-for-custom-services>.

:::moniker-end

For guidance on <xref:Microsoft.AspNetCore.Http.IHttpContextAccessor> and <xref:Microsoft.AspNetCore.Http.HttpContext> in ASP.NET Core SignalR, see <xref:signalr/httpcontext>.
4 changes: 0 additions & 4 deletions aspnetcore/blazor/components/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1865,10 +1865,6 @@ For more information, see the following resources:
* <xref:mvc/views/tag-helpers/builtin-th/component-tag-helper>
* <xref:blazor/components/integration>

## `IHttpContextAccessor`/`HttpContext`

[!INCLUDE[](~/blazor/security/includes/httpcontext.md)]

<!--Reference links in article-->
[1]: <xref:mvc/views/razor#code>
[2]: <xref:mvc/views/razor#using>
Expand Down
5 changes: 1 addition & 4 deletions aspnetcore/blazor/fundamentals/signalr.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1507,10 +1507,6 @@ app.MapBlazorHub();
+ app.MapBlazorHub("/signalr");
```

## `IHttpContextAccessor`/`HttpContext`

[!INCLUDE[](~/blazor/security/includes/httpcontext.md)]

## Additional server-side resources

* [Server-side host and deployment guidance: SignalR configuration](xref:blazor/host-and-deploy/server#signalr-configuration)
Expand All @@ -1521,6 +1517,7 @@ app.MapBlazorHub();
* <xref:blazor/security/index>
* <xref:blazor/security/interactive-server-side-rendering>
* <xref:blazor/security/additional-scenarios>
* <xref:blazor/components/httpcontext>
* [Server-side reconnection events and component lifecycle events](xref:blazor/components/lifecycle#blazor-server-reconnection-events)
* [What is Azure SignalR Service?](/azure/azure-signalr/signalr-overview)
* [Performance guide for Azure SignalR Service](/azure/azure-signalr/signalr-concept-performance)
Expand Down
6 changes: 2 additions & 4 deletions aspnetcore/blazor/security/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,10 +108,6 @@ The built-in or custom <xref:Microsoft.AspNetCore.Components.Authorization.Authe

For more information on server-side authentication, see <xref:blazor/security/index>.

### `IHttpContextAccessor`/`HttpContext`

[!INCLUDE[](~/blazor/security/includes/httpcontext.md)]

### Shared state

[!INCLUDE[](~/blazor/security/includes/shared-state.md)]
Expand Down Expand Up @@ -1417,6 +1413,7 @@ PII refers any information relating to an identified or identifiable natural per
* [Microsoft identity platform access tokens](/entra/identity-platform/access-tokens)
* <xref:security/index>
* <xref:security/authentication/windowsauth>
* <xref:blazor/components/httpcontext>
* [Build a custom version of the Authentication.MSAL JavaScript library](xref:blazor/security/webassembly/additional-scenarios#build-a-custom-version-of-the-authenticationmsal-javascript-library)
* [Awesome Blazor: Authentication](https://github.com/AdrienTorris/awesome-blazor#authentication) community sample links
* <xref:blazor/hybrid/security/index>
Expand All @@ -1438,6 +1435,7 @@ PII refers any information relating to an identified or identifiable natural per
* [Microsoft identity platform ID tokens](/entra/identity-platform/id-tokens)
* [Microsoft identity platform access tokens](/entra/identity-platform/access-tokens)
* <xref:security/index>
* <xref:blazor/components/httpcontext>
* <xref:security/authentication/windowsauth>
* [Build a custom version of the Authentication.MSAL JavaScript library](xref:blazor/security/webassembly/additional-scenarios#build-a-custom-version-of-the-authenticationmsal-javascript-library)
* [Awesome Blazor: Authentication](https://github.com/AdrienTorris/awesome-blazor#authentication) community sample links
Expand Down
2 changes: 1 addition & 1 deletion aspnetcore/blazor/security/interactive-server-side-rendering.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ In general, we recommend that you avoid rendering components that contain sensit

## `IHttpContextAccessor`/`HttpContext`

[!INCLUDE[](~/blazor/security/includes/httpcontext.md)]
For more information, see <xref:blazor/components/httpcontext>.

## Resource exhaustion

Expand Down
4 changes: 2 additions & 2 deletions aspnetcore/fundamentals/http-context.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ public class EmailController : Controller

## `IHttpContextAccessor`/`HttpContext` in Razor components (Blazor)

[!INCLUDE[](~/blazor/security/includes/httpcontext.md)]
For more information, see <xref:blazor/components/httpcontext>.

:::moniker-end

Expand Down Expand Up @@ -346,6 +346,6 @@ public class EmailController : Controller

## `IHttpContextAccessor`/`HttpContext` in Razor components (Blazor)

[!INCLUDE[](~/blazor/security/includes/httpcontext.md)]
For more information, see <xref:blazor/components/httpcontext>.

:::moniker-end
23 changes: 23 additions & 0 deletions aspnetcore/signalr/httpcontext.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
---
title: IHttpContextAccessor/HttpContext in ASP.NET Core SignalR
author: guardrex
description: Learn about IHttpContextAccessor and HttpContext in ASP.NET Core SignalR.
monikerRange: '>= aspnetcore-3.1'
ms.author: riande
ms.custom: mvc
ms.date: 01/30/2025
uid: signalr/httpcontext
---
# `IHttpContextAccessor`/`HttpContext` in ASP.NET Core SignalR
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For SignalR you should use Context.GetHttpContext() when in the hub. See https://learn.microsoft.com/aspnet/core/signalr/hubs?view=aspnetcore-9.0#the-context-object for details.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @BrennanConroy ... See if my last commit places a good paragraph for it.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@BrennanConroy ... pinging again in case you didn't see the earlier one.


[!INCLUDE[](~/includes/not-latest-version-without-not-supported-content.md)]

<xref:Microsoft.AspNetCore.Http.IHttpContextAccessor>/<xref:Microsoft.AspNetCore.Http.HttpContext> generally should be avoided with SignalR because a valid <xref:Microsoft.AspNetCore.Http.HttpContext> isn't always available. In most cases, the context doesn't exist (`null`).

Even when an <xref:Microsoft.AspNetCore.Http.HttpContext> instance is available, the context is dependent on the transport:

* WebSockets receives a single context as the result of the initial handshake.
* Long polling receives a new context per client "poll" request.
* A SignalR service receives a mocked/faked/shim context.

For guidance on <xref:Microsoft.AspNetCore.Http.IHttpContextAccessor>/<xref:Microsoft.AspNetCore.Http.HttpContext> in ASP.NET Core Blazor apps, see <xref:blazor/components/httpcontext>.
5 changes: 5 additions & 0 deletions aspnetcore/toc.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -484,6 +484,8 @@ items:
uid: blazor/components/render-modes
- name: Prerender components
uid: blazor/components/prerender
- name: IHttpContextAccessor and HttpContext
uid: blazor/components/httpcontext
- name: Generic type support
uid: blazor/components/generic-type-support
- name: Synchronization context
Expand Down Expand Up @@ -954,6 +956,9 @@ items:
- name: Configuration
uid: signalr/configuration
displayName: signalr
- name: IHttpContextAccessor and HttpContext
uid: signalr/httpcontext
displayName: signalr
- name: Authentication and authorization
uid: signalr/authn-and-authz
displayName: signalr
Expand Down