Proper way to dependency inject authenticated user

2019-07-13 13:05发布

问题:

I am using a service layer with repository pattern. The controller has a dependency on the service layer, and the service layer has a dependency on the repository.

I have to pass logged in user information to the repository layer for authorization purposes and am trying to determine the best approach for injecting the user information into the repository considering that I seem to have an extensive injection chain:

controller -> service(s) -> repositories -> logged in user info.  

I guess the easy approach would be to pass the user information to the service methods that get called(i.e. FindById(int primaryKey, User currentUser), etc.)

But this seems very limiting and problematic down the road as opposed to injecting the User information.

What is the recommended approach to this problem?


I am a little confused about how the person in the article seems to be implementing the ICurrentUserFetcher. I assume that is would provide the extra properties that are not available from the IIdentity, but the article does not make this very clear.

class GenericRepository<T>: IRepository<T> {
    private readonly ICurrentUserFetcher currentUserFetcher;
    public GenericRepository<T>(Func<IIdentity> currentUserFetcher) {
        this.currentUserFetcher = currentUserFetcher;
    }
    public void Update(T entity) {
        var currentUser = currentUserFetcher();
        ...
    }
}   
var repo = new GenericRepository<Person>(() => HttpContext.Current.User.Identity);

回答1:

Assign the user information to the current principal after the login. Google about IPrincipal and IIdentity. Those two classes are the built in way in .NET to handle the currently logged in user.

To access the user simply use Thread.CurrentPrincipal.Identity. I would however not use that property in the repository, but only in the service class. The reason to tha this that the repository should not be in charge of telling which user to fetch information for.

To assign the user on every request you have to use the PostAuthenticate event in global.asax.