Ensure ClaimsPrincipal.Current is set if user changes (#631)

The existing setup would only set Current to the existing user. Some scenarios seem to invoke at other times, so this uses the IRequestUserFeature to ensure that any updates to the user will be mirrored to the ClaimsUser.Current

Author: twsouthwick

samples/AuthRemoteIdentity/AuthRemoteIdentityCore/Program.cs

@@ -100,15 +100,32 @@
 
 app.UseRouting();
 
-app.UseAuthenticationEvents();
 app.UseAuthentication();
-app.UseAuthorizationEvents();
+app.UseAuthenticationEvents();
 app.UseAuthorization();
+app.UseAuthorizationEvents();
 
 app.UseSystemWebAdapters();
 
 app.MapDefaultControllerRoute();
 
+app.Map("/user", () =>
+{
+    var user = ClaimsPrincipal.Current;
+
+    if (user is null)
+    {
+        return Results.Problem("Empty ClaimsPrincipal");
+    }
+
+    return Results.Json(new
+    {
+        IsAuthenticated = user.Identity?.IsAuthenticated ?? false,
+        Name = user.Identity?.Name,
+        Claims = user.Claims.Select(c => new { c.Type, c.Value })
+    });
+}).WithMetadata(new SetThreadCurrentPrincipalAttribute()); ;
+
 app.MapRemoteAppFallback()
     .ShortCircuit();
 

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/CurrentPrincipalMiddleware.cs

@@ -4,7 +4,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNetCore.SystemWebAdapters;
+namespace Microsoft.AspNetCore.SystemWebAdapters.Middleware;
 
 internal sealed class CachePolicyMiddleware(RequestDelegate next)
 {

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/CachePolicyMiddleware.cs renamed to src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/Middleware/CachePolicyMiddleware.cs

@@ -0,0 +1,22 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.SystemWebAdapters.Features;
+
+namespace Microsoft.AspNetCore.SystemWebAdapters.Middleware;
+
+internal sealed class CurrentPrincipalMiddleware(RequestDelegate next)
+{
+    public Task InvokeAsync(HttpContextCore context)
+    {
+        if (context.GetEndpoint()?.Metadata.GetMetadata<SetThreadCurrentPrincipalAttribute>() is { IsDisabled: false })
+        {
+            context.Features.GetRequiredFeature<IRequestUserFeature>().EnableStaticAccessors();
+        }
+
+        return next(context);
+    }
+}

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/Middleware/CurrentPrincipalMiddleware.cs

@@ -6,7 +6,7 @@
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.SystemWebAdapters.Features;
 
-namespace Microsoft.AspNetCore.SystemWebAdapters;
+namespace Microsoft.AspNetCore.SystemWebAdapters.Middleware;
 
 internal partial class PreBufferRequestStreamMiddleware
 {

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/PreBufferRequestStreamMiddleware.cs renamed to src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/Middleware/PreBufferRequestStreamMiddleware.cs

@@ -0,0 +1,37 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.SystemWebAdapters.Features;
+
+namespace Microsoft.AspNetCore.SystemWebAdapters.Middleware;
+
+internal sealed class RequestFeaturesMiddleware(RequestDelegate next)
+{
+    public async Task InvokeAsync(HttpContextCore context)
+    {
+        var existing = context.Features.GetRequiredFeature<IHttpRequestFeature>();
+        var existingPipe = context.Features.Get<IRequestBodyPipeFeature>();
+
+        using var inputStreamFeature = new HttpRequestInputStreamFeature(existing);
+
+        context.Features.Set<IHttpRequestFeature>(inputStreamFeature);
+        context.Features.Set<IHttpRequestInputStreamFeature>(inputStreamFeature);
+        context.Features.Set<IRequestBodyPipeFeature>(inputStreamFeature);
+        context.Features.Set<IHttpRequestPathFeature>(inputStreamFeature);
+
+        try
+        {
+            await next(context);
+        }
+        finally
+        {
+            context.Features.Set<IHttpRequestFeature>(existing);
+            context.Features.Set<IRequestBodyPipeFeature>(existingPipe);
+            context.Features.Set<IHttpRequestInputStreamFeature>(null);
+            context.Features.Set<IHttpRequestPathFeature>(null);
+        }
+    }
+}

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/Middleware/RequestFeaturesMiddleware.cs

@@ -0,0 +1,105 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Security.Claims;
+using System.Security.Principal;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.SystemWebAdapters.Features;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.SystemWebAdapters.Middleware;
+
+internal sealed partial class RequestUserFeaturesMiddleware(RequestDelegate next, IOptions<SystemWebAdaptersOptions> options, ILoggerFactory loggerFactory)
+{
+    private readonly ILogger _logger = loggerFactory.CreateLogger<RequestUserFeature>();
+    private readonly bool _setCurrentAccessors = options.Value.EnableStaticUserAccessors;
+
+    public async Task InvokeAsync(HttpContextCore context, IOptions<SystemWebAdaptersOptions> options)
+    {
+        using var userFeature = new RequestUserFeature(_logger, _setCurrentAccessors) { User = context.User };
+
+        context.Features.Set<IRequestUserFeature>(userFeature);
+        context.Features.Set<IHttpAuthenticationFeature>(userFeature);
+
+        try
+        {
+            await next(context);
+        }
+        finally
+        {
+            context.Features.Set<IRequestUserFeature>(null);
+            context.Features.Set<IHttpAuthenticationFeature>(null);
+        }
+    }
+
+    private sealed partial class RequestUserFeature(ILogger logger, bool setCurrentAccessors) : IRequestUserFeature, IHttpAuthenticationFeature, IDisposable
+    {
+        private readonly ILogger logger = logger;
+
+        [LoggerMessage(0, LogLevel.Debug, "A custom principal {PrincipalType} is being used and should be replaced with a ClaimsPrincipal derived type.")]
+        private partial void LogNonClaimsPrincipal(Type principalType);
+
+        [LoggerMessage(1, LogLevel.Trace, "Thread.CurrentPrincipal has been set with the current user")]
+        private partial void LogCurrentPrincipalUsage();
+
+        public IPrincipal? User { get; set; }
+
+        WindowsIdentity? IRequestUserFeature.LogonUserIdentity => User?.Identity as WindowsIdentity;
+
+        ClaimsPrincipal? IHttpAuthenticationFeature.User
+        {
+            get => GetOrCreateClaims(User);
+            set
+            {
+                User = value;
+                EnsureCurrentPrincipalSetIfRequired();
+            }
+        }
+
+        private ClaimsPrincipal? GetOrCreateClaims(IPrincipal? principal)
+        {
+            if (principal is null)
+            {
+                return null;
+            }
+
+            if (principal is ClaimsPrincipal claimsPrincipal)
+            {
+                return claimsPrincipal;
+            }
+
+            LogNonClaimsPrincipal(principal.GetType());
+
+            return new ClaimsPrincipal(principal);
+        }
+
+        public void EnableStaticAccessors()
+        {
+            LogCurrentPrincipalUsage();
+            setCurrentAccessors = true;
+            EnsureCurrentPrincipalSetIfRequired();
+        }
+
+        private void EnsureCurrentPrincipalSetIfRequired()
+        {
+            if (setCurrentAccessors)
+            {
+                var claimsPrincipal = GetOrCreateClaims(User);
+                Thread.CurrentPrincipal = claimsPrincipal;
+            }
+        }
+
+        public void Dispose()
+        {
+            if (setCurrentAccessors)
+            {
+                Thread.CurrentPrincipal = null;
+            }
+        }
+    }
+}

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/Middleware/RequestUserFeaturesMiddleware.cs

@@ -0,0 +1,42 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.SystemWebAdapters.Features;
+
+namespace Microsoft.AspNetCore.SystemWebAdapters.Middleware;
+
+internal sealed class ResponseFeaturesMiddleware(RequestDelegate next)
+{
+    public async Task InvokeAsync(HttpContextCore context)
+    {
+        var responseBodyFeature = context.Features.GetRequiredFeature<IHttpResponseBodyFeature>();
+
+        using var adapterFeature = new HttpResponseAdapterFeature(responseBodyFeature);
+
+        context.Features.Set<IHttpResponseBodyFeature>(adapterFeature);
+        context.Features.Set<IHttpResponseBufferingFeature>(adapterFeature);
+        context.Features.Set<IHttpResponseEndFeature>(adapterFeature);
+        context.Features.Set<IHttpResponseContentFeature>(adapterFeature);
+
+        try
+        {
+            await next(context);
+        }
+        finally
+        {
+            // The buffering feature may be removed if the response has ended i.e in usage with YARP
+            if (context.Features.Get<IHttpResponseBufferingFeature>() is { } buffer)
+            {
+                await buffer.FlushAsync();
+            }
+
+            context.Features.Set<IHttpResponseBodyFeature>(responseBodyFeature);
+            context.Features.Set<IHttpResponseBufferingFeature>(null);
+            context.Features.Set<IHttpResponseEndFeature>(null);
+            context.Features.Set<IHttpResponseContentFeature>(null);
+        }
+    }
+}

src/Microsoft.AspNetCore.SystemWebAdapters.CoreServices/Middleware/ResponseFeaturesMiddleware.cs

@@ -6,7 +6,7 @@
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.SystemWebAdapters.Features;
 
-namespace Microsoft.AspNetCore.SystemWebAdapters;
+namespace Microsoft.AspNetCore.SystemWebAdapters.Middleware;
 
 internal sealed class SessionEventsMiddleware
 {