<![CDATA[Teguh Murdianto's Blog]]>https://blog.tmurdianto.comRSS for NodeMon, 20 Apr 2026 14:27:24 GMT60<![CDATA[๐Ÿง  Comprehensive Guide: ClaimsPrincipal, HttpContext, and HttpContextAccessor in .NET Core]]>https://blog.tmurdianto.com/comprehensive-guide-claimsprincipal-httpcontext-and-httpcontextaccessor-in-net-corehttps://blog.tmurdianto.com/comprehensive-guide-claimsprincipal-httpcontext-and-httpcontextaccessor-in-net-coreTue, 11 Nov 2025 14:21:52 GMT๐Ÿง  Comprehensive Guide: ClaimsPrincipal, HttpContext, and HttpContextAccessor in .NET Core

Based on Internet Research Best Practices (10x Iterations)
Date: November 2025

๐Ÿ“˜ Executive Summary

In ASP.NET Core, three key classes form the backbone of user identity and request handling:

  • HttpContext โ€“ Holds all HTTP-specific information about the current request (headers, cookies, identity, etc.)

  • ClaimsPrincipal โ€“ Represents the current user and all their claims (e.g., roles, email, ID)

  • IHttpContextAccessor โ€“ Safely provides access to HttpContext outside controllers or middleware

๐Ÿงฉ Why They Matter

Before .NET Core, developers relied on HttpContext.Current, which was not thread-safe and tightly coupled business logic to the web layer.
.NET Coreโ€™s new design solves these issues by enabling:

โœ… Thread-safe access to request context
โœ… Clean dependency injection (DI)
โœ… A flexible, claims-based identity model
โœ… Decoupled architecture

๐Ÿงฑ Core Concepts

1. Claims-Based Authentication

Claims describe facts about a subject (user, app, or service) in key-value pairs:

new Claim(ClaimTypes.Email, "john@company.com");
new Claim("sub", "12345");
new Claim("department", "Engineering");

ClaimsIdentity represents a set of claims from one authentication type (e.g., โ€œBearerโ€, โ€œCookiesโ€).
ClaimsPrincipal aggregates one or more identities โ€” like combining your passport and driverโ€™s license.

๐Ÿ” A ClaimsPrincipal inherits all claims from all its identities.

2. HttpContext: The Request Container

HttpContext encapsulates everything about an HTTP request/response:

  • Request: Headers, cookies, form data

  • Response: Status code, headers

  • User: The ClaimsPrincipal for the authenticated user

  • Items: Request-scoped storage

  • RequestServices: Dependency-injected services

Itโ€™s created at request start and disposed at the end โ€” one per request.

3. HttpContextAccessor: Accessing Context Anywhere

HttpContext is directly available in controllers, but not in service classes.
Thatโ€™s where IHttpContextAccessor comes in.

public class UserService
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public UserService(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    public string GetCurrentUserId()
    {
        return _httpContextAccessor.HttpContext?.User
            .FindFirst("sub")?.Value ?? throw new UnauthorizedAccessException();
    }
}

Thread-safe and testable โ€” no more static HttpContext.Current!

โš™๏ธ Problem Statement & Solutions

โŒ Tight Coupling (Pre-.NET Core)

var userId = HttpContext.Current.User.Identity.Name; // Not testable

โœ… Dependency Injection (Modern .NET)

var userId = _contextAccessor.HttpContext?.User.FindFirst("sub")?.Value;

  • Thread-safe (AsyncLocal<T>)

  • Easily mockable for unit tests

๐Ÿ—๏ธ Architecture & Design

Request Pipeline Overview

Incoming Request
   โ†“
HttpContext Created
   โ†“
Authentication Middleware โ†’ Builds ClaimsPrincipal
   โ†“
Authorization Middleware โ†’ Validates Policies
   โ†“
Controller โ†’ Access User
   โ†“
Service Layer โ†’ Inject IHttpContextAccessor
   โ†“
Response Returned โ†’ HttpContext Disposed

Dependency Injection Setup

services.AddHttpContextAccessor(); // Singleton registration

IHttpContextAccessor is stateless โ€” safe as a singleton.
Only access HttpContext inside method scope, never store it in fields.

๐Ÿงฉ Implementation Best Practices

โœ… 1. Register Everything in Program.cs

builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<IUserService, UserService>();

โœ… 2. Access User in Controllers

[Authorize]
public IActionResult GetOrders()
{
    var userId = User.FindFirst("sub")?.Value;
    return Ok(_orderService.GetUserOrders(userId));
}

Or, if you need it in the constructor, inject IHttpContextAccessor.

โœ… 3. Access User in Services

public string GetCurrentUserId()
{
    var user = _httpContextAccessor.HttpContext?.User;
    if (user?.Identity?.IsAuthenticated != true)
        throw new UnauthorizedAccessException();

    return user.FindFirst("sub")?.Value ?? throw new InvalidOperationException("User ID not found");
}

โœ… 4. Add Extension Methods for Clean Code

public static class ClaimsPrincipalExtensions
{
    public static string GetUserId(this ClaimsPrincipal principal) =>
        principal?.FindFirst("sub")?.Value ??
        principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
}

โœ… 5. Avoid NullReferenceExceptions

Use null-conditional (?.) operators and null checks everywhere.

โœ… 6. Never Store HttpContext in Fields

Bad:

private readonly HttpContext _context;

Good:

var context = _accessor.HttpContext; // Access on-demand

๐Ÿงต Thread Safety & Performance

  • HttpContext is not thread-safe

  • Use AsyncLocal (via IHttpContextAccessor)

  • Extract user data before background/parallel tasks

var userId = User.FindFirst("sub")?.Value;
_ = Task.Run(() => ProcessInBackground(userId)); // Safe

Performance overhead? Negligible (<1ยตs per access).

โšก Common Pitfalls & Solutions

ProblemRoot CauseSolution
IsAuthenticated = falseAuthenticationType not setProvide authentication type
Name is nullNon-standard claim keyUse ClaimTypes.Name or map via constructor
IsInRole() falseCustom โ€œroleโ€ claim keyConfigure RoleClaimType in JWT
HttpContext null in constructorNot initialized yetUse IHttpContextAccessor
Claims missing after token refreshStale claimsImplement IClaimsTransformation

๐Ÿ’ผ Real-World Example: Health Insurance Claims

Controller extracts user ID and passes it to service for auditing:

var userId = _httpContextAccessor.HttpContext?.User.FindFirst("sub")?.Value;
await _claimServices.InsertClaimTransBenefit(response.Id, request.BenefitDetail, userId, ct);

Audit trail includes:

  • UserId

  • UserName

  • UserEmail

  • IP Address

๐Ÿงญ Decision Guide: When to Use What

ScenarioUseExample
Controller / MiddlewareUser or HttpContext directlyUser.FindFirst("sub")
Service / RepositoryIHttpContextAccessor_accessor.HttpContext?.User
Background JobNo HttpContextPass user data as parameters

Quick Flow:

Need user info?
โ”‚
โ”œโ”€ Controller โ†’ Use User
โ”œโ”€ Service โ†’ Use IHttpContextAccessor
โ””โ”€ Background/Job โ†’ Pass data manually

๐Ÿง  Key Takeaways

  • ClaimsPrincipal defines who the user is

  • HttpContext describes what the request is

  • IHttpContextAccessor enables safe cross-layer access

  • Always access context on-demand and avoid storing it

  • Be mindful of thread safety and lifetime scopes

๐Ÿ“š References

]]><![CDATA[From Mathematics to Tech Leadership: My Journey in Software Engineering]]>https://blog.tmurdianto.com/from-mathematics-to-tech-leadership-my-journey-in-software-engineeringhttps://blog.tmurdianto.com/from-mathematics-to-tech-leadership-my-journey-in-software-engineeringTue, 05 Nov 2024 09:15:15 GMTFrom Mathematics to Tech Leadership: My Journey in Software Engineering ๐Ÿš€

Hey there! ๐Ÿ‘‹ Ever heard of a mathematician who ended up leading tech teams? Well, that's me! My path into software engineering has been anything but ordinary. Let me tell you how I went from solving abstract mathematical problems to architecting software solutions and leading development teams.

Starting with X + Y = ? ๐Ÿ“š

Back in 2007-2012, you'd find me buried in mathematics textbooks at Institut Teknologi Sepuluh Nopember Surabaya. Plot twist - I wasn't dreaming about becoming a software engineer back then! But here's something cool: my thesis on "Application of Expert System to support determining the strategy of security problem in Indonesia borders area" turned out to be my first step into the tech world. Talk about a happy accident! ๐Ÿ˜„

First Steps into Tech: The Rookie Days ๐Ÿ‘ถ

Remember that feeling of your first day at a new job? Mine was in tech support and maintenance, staring at enterprise systems like they were written in hieroglyphics! But here's a funny thing about having a math background - I started seeing patterns everywhere.

Picture this: I had to fix this data integration process that was slower than a snail in molasses. Instead of panicking, I put on my math hat and broke it down like an equation. End result? Cut the processing time by 70%! My math professors would've been proud (or confused, not sure which ๐Ÿ˜…).

Leveling Up: The Leadership Adventure ๐ŸŽฎ

Talk about a plot twist - one day I'm coding away happily, the next I'm leading development teams across Android, iOS, and Backend. It's like being promoted from player to coach mid-game!

Here's a story that still makes me chuckle: My first team presentation as a lead was a technical masterpiece (in my head, at least). Reality check? Half my team was lost in the first five minutes. Lesson learned - being a tech lead is less about showing how smart you are and more about helping others be awesome.

The Boss Battle That Changed Everything ๐ŸŽฏ

Ever had one of those projects that felt like fighting a final boss in a video game? I hit one of those - tight deadlines, low team morale, stakeholders breathing down our necks. Instead of pushing everyone harder (my first instinct), I did something crazy: I took a step back.

We reorganized the team based on what people loved doing (turns out forcing your best backend dev to do frontend work isn't always smart ๐Ÿ˜…), started daily "how's it going?" chats, and boom! Two months later, we turned that project from a potential disaster into a success story.

Where I'm At Now: The Current Chapter ๐ŸŽฏ

These days, I'm living my best life as a System Analyst and Technical Leader. The cool part? I get to use BOTH my math brain and tech skills. Recently, we had this complex data analysis project, and guess who was grinning like a kid in a candy store? Yep, the math nerd in me was finally having its moment! ๐Ÿค“

Life Lessons (Not the Boring Kind) ๐Ÿ’ก

  1. Your "Weird" Background Might Be Your Superpower: Being the "math guy" in tech turned out to be pretty awesome. Different perspectives make tech better!

  2. It's OK to Say "I Have No Clue": Seriously, it's liberating. Plus, people trust you more when you're honest about what you don't know.

  3. Most "Technical Debt" is Actually "We Should Have Talked More" Debt: Trust me on this one - clear communication beats perfect code any day.

  4. Growth is Messy: Some of my best learning came from my biggest facepalm moments. Embrace the chaos!

  5. Everyone's a Teacher: That junior dev who just joined? They might teach you something amazing about new tech you've never heard of.

What's Next in This Adventure? ๐ŸŽฏ

I'm currently geeking out over combining mathematical modeling with machine learning - imagine explaining that to my old math professors! Through this blog, I'll be sharing:

  • Real stories from the trenches (the good, the bad, and the "what was I thinking?")

  • How to survive and thrive in tech (especially if you're coming from a different background)

  • Leadership stuff that actually works in real life

  • Cool tech experiments (some successful, some... let's call them "learning experiences" ๐Ÿ˜‰)

  • The fun side of mixing math and coding

Whether you're a fellow mathematician thinking about jumping into tech, a developer looking to level up to leadership, or just someone who enjoys a good career-change story, I hope my experiences can help make your journey a bit easier (or at least more entertaining!).

Let's learn together, laugh at our mistakes, and build some awesome stuff along the way! Drop a comment below - I'd love to hear your story too! ๐ŸŽ‰

#career #softwareengineering #leadership #techlead #programming #mathematics #careerchange #technology

]]>