Get Value from Security.User.Id

daveg1466 · May 1, 2023, 12:27am

I have a curious issue. I am trying to access the value of aspnetusers column Id. I have set up a global variable I call userID and in the shared main layout razor page, I use the following line

Globals.userID = Security.User.Id

I am trying to get this value to filter table of employees so that I can get certain user rights and permissions to use in the rest of my application.

The curious issue is that when I try to access the Security.User.Id I get a different value than the actual Id in the aspnetusers file that corresponds to the user I log in under.

What is more curious is that if I create two RadzenText components and assign Security.User.Id to one and userID to another, the first one gives me the correct Id and the second one gives me a different value everytime I run the application. Below is the code.

For simplicity I just put the two RadzenText components in the Index page to see the output.

I tried the same code in Radzen Studio and I get the exact same values for both components.

korchev · May 1, 2023, 5:54am

I recommend using Security.User.Id always. The Security service is registered automatically in every page. There is no need to keep a separate global variable for something which is always available.

daveg1466 · May 1, 2023, 2:13pm

That is what I though as well, but I can't seem to use Security.User.Id in a filter. It generates an empty table.

I have tried the same filter in both radzen studio and RBS and it works fine in raden studio but not at all in RBS.

I did a test on a blank slate application.

The only table I added to the database was called employees, with the following columns

EmployeeID (primary key)
FirstName
LastName
EmpUserID (nvarchar(450) just like the Id field in the AspNetUsers table)

I Generated a new Blazor Server application in RBS
I Added the database and did not modify any settings accept for setting the formfield to flat
I ran the application and it ran fine.
I Stopped the application and added Security (just basic, no registration or password reset)
I ran the application and logged in as admin...still fine

I them modified the Add ApplicationUser page to add a new employee record and copy the user.Id to the employee table. Following is the code.

[Inject]
public FilterTestDataService FilterTestDataService { get; set; }

    protected IEnumerable<FilterTest.Models.ApplicationRole> roles;
    protected FilterTest.Models.ApplicationUser user;
    protected FilterTest.Models.FilterTestData.Employee employee;
    protected IEnumerable<string> userRoles = Enumerable.Empty<string>();
    protected string error;
    protected bool errorVisible;

    [Inject]
    protected SecurityService Security { get; set; }

    protected override async Task OnInitializedAsync()
    {
        user = new FilterTest.Models.ApplicationUser();
        employee = new FilterTest.Models.FilterTestData.Employee();

        roles = await Security.GetRoles();
    }

    protected async Task FormSubmit(FilterTest.Models.ApplicationUser user)
    {
        try
        {
            user.Roles = roles.Where(role => userRoles.Contains(role.Id)).ToList();
            await Security.CreateUser(user);
            employee.EmpUserID = user.Id;
            await FilterTestDataService.CreateEmployee(employee);
            DialogService.Close(null);
        }
        catch (Exception ex)
        {
            errorVisible = true;
            error = ex.Message;
        }
    }

I saved and ran the application and created two users.
The user.Id was successfully added to both employee records.

I then modified the Employee page (not the Add or Edit) with the following code (The ONLY change I made)

    protected override async Task OnInitializedAsync()
    {
        employees = await FilterTestDataService.GetEmployees(new Query() { Filter = $@"i => i.EmpUserID == @0", FilterParameters = new object[] { Security.User.Id }});
    }

I ran the application logging in as each user and checked the Employee page and no records could be displayed.

I did the exact same procedure in Radzen Studio and it worked exactly as intended.

The only reason I wanted to detail this experiment is to see if the way filtering for Security.User.Id is different between the two applications. It just isn't evident to me.

Not looking for deep dive support on this, just want to know if my code is correct.

Thanks for looking

korchev · May 1, 2023, 2:29pm

I recommend checking with the debugger the value of Security.User.Id to see if it is the correct one. If the code doesn't work with Security.User.Id it won't work with a global variable assigned to the same value as well.

daveg1466 · May 1, 2023, 3:17pm

Thank you for that. It seems that the user.Id that gets reported in the add application user page is not the one that gets saved.

Also, there must be an algorithm in there somewhere (CreateUser does call a json file..I am not at all familiar with json) that generates the Id.

Even when I execute the form submit and try to assign the user.Id to employee.EmpUserId it generates a completely different Id that is saved to the employee table.

So it looks like the Id can not be copied to another table.

The work around is to use the email address. When I assign the user.Email to employee.EmpEmail, it works fine (no algorithm) and then I am able to filter on that just fine.

That, combined with the fine tutorial from Benjamin Fadina on adding employees and updating aspnetusers made this work exactly the way I needed.

The final result is no longer needing to extend AspNetUsers table, as I can put those columns in the employee file and access it anywhere in my application. This is a much more elegant solution that creates huge flexibility in application security!

DB1234 · May 3, 2023, 6:06pm

@daveg1466 I'm not 100% I have the same situation but I was able to use the ID.

I have a table that has a foreign key to the AspNetUsers table, ID column.

I was able to assign AspNetUsers.ID column to the other table.