Run Can_UseIHttpContextAccessor_InTool in stateless mode

halter73 · halter73 · commit 876bdbb4ffce · 2025-05-14T04:35:08.000-07:00
diff --git a/src/ModelContextProtocol.AspNetCore/HttpMcpSession.cs b/src/ModelContextProtocol.AspNetCore/HttpMcpSession.cs
@@ -7,7 +7,7 @@ namespace ModelContextProtocol.AspNetCore;
 internal sealed class HttpMcpSession<TTransport>(
     string sessionId,
     TTransport transport,
-    (string Type, string Value, string Issuer)? userIdClaim,
+    StatelessUserId? userId,
     TimeProvider timeProvider) : IAsyncDisposable
     where TTransport : ITransport
 {
@@ -17,7 +17,7 @@ internal sealed class HttpMcpSession<TTransport>(
 
     public string Id { get; } = sessionId;
     public TTransport Transport { get; } = transport;
-    public (string Type, string Value, string Issuer)? UserIdClaim { get; } = userIdClaim;
+    public StatelessUserId? UserIdClaim { get; } = userId;
 
     public CancellationToken SessionClosed => _disposeCts.Token;
 
diff --git a/src/ModelContextProtocol.AspNetCore/StatelessSessionId.cs b/src/ModelContextProtocol.AspNetCore/StatelessSessionId.cs
@@ -9,5 +9,5 @@ internal sealed class StatelessSessionId
     public Implementation? ClientInfo { get; init; }
 
     [JsonPropertyName("userIdClaim")]
-    public (string Type, string Value, string Issuer)? UserIdClaim { get; init; }
+    public StatelessUserId? UserIdClaim { get; init; }
 }
diff --git a/src/ModelContextProtocol.AspNetCore/StatelessUserId.cs b/src/ModelContextProtocol.AspNetCore/StatelessUserId.cs
@@ -0,0 +1,3 @@
+﻿namespace ModelContextProtocol.AspNetCore;
+
+internal sealed record StatelessUserId(string Type, string value, string Issuer);
diff --git a/src/ModelContextProtocol.AspNetCore/StreamableHttpHandler.cs b/src/ModelContextProtocol.AspNetCore/StreamableHttpHandler.cs
@@ -314,7 +314,7 @@ internal static Task RunSessionAsync(HttpContext httpContext, IMcpServer session
     // SignalR only checks for ClaimTypes.NameIdentifier in HttpConnectionDispatcher, but AspNetCore.Antiforgery checks that plus the sub and UPN claims.
     // However, we short-circuit unlike antiforgery since we expect to call this to verify MCP messages a lot more frequently than
     // verifying antiforgery tokens from <form> posts.
-    internal static (string Type, string Value, string Issuer)? GetUserIdClaim(ClaimsPrincipal user)
+    internal static StatelessUserId? GetUserIdClaim(ClaimsPrincipal user)
     {
         if (user?.Identity?.IsAuthenticated != true)
         {
@@ -325,7 +325,7 @@ internal static (string Type, string Value, string Issuer)? GetUserIdClaim(Claim
 
         if (claim is { } idClaim)
         {
-            return (idClaim.Type, idClaim.Value, idClaim.Issuer);
+            return new(idClaim.Type, idClaim.Value, idClaim.Issuer);
         }
 
         return null;
diff --git a/tests/ModelContextProtocol.AspNetCore.Tests/MapMcpTests.cs b/tests/ModelContextProtocol.AspNetCore.Tests/MapMcpTests.cs
@@ -46,10 +46,13 @@ public async Task MapMcp_ThrowsInvalidOperationException_IfWithHttpTransportIsNo
     [Fact]
     public async Task Can_UseIHttpContextAccessor_InTool()
     {
-        Assert.SkipWhen(UseStreamableHttp, "IHttpContextAccessor is not currently supported with Streamable HTTP." +
-            "TODO: Support it in stateless mode by manually capturing and flowing execution context.");
+        Assert.SkipWhen(UseStreamableHttp && !Stateless,
+            """
+            IHttpContextAccessor is not currently supported with non-stateless Streamable HTTP.
+            TODO: Support it in stateless mode by manually capturing and flowing execution context.
+            """);
 
-        Builder.Services.AddMcpServer().WithHttpTransport().WithTools<EchoHttpContextUserTools>();
+        Builder.Services.AddMcpServer().WithHttpTransport(ConfigureStateless).WithTools<EchoHttpContextUserTools>();
 
         Builder.Services.AddHttpContextAccessor();
 

Original file line number	Diff line number	Diff line change
`@@ -9,5 +9,5 @@ internal sealed class StatelessSessionId`
`9`	`9`	`public Implementation? ClientInfo { get; init; }`
`10`	`10`
`11`	`11`	`[JsonPropertyName("userIdClaim")]`
`12`		`- public (string Type, string Value, string Issuer)? UserIdClaim { get; init; }`
	`12`	`+ public StatelessUserId? UserIdClaim { get; init; }`
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+namespace ModelContextProtocol.AspNetCore;`
	`2`	`+`
	`3`	`+internal sealed record StatelessUserId(string Type, string value, string Issuer);`
Original file line number	Diff line number	Diff line change
`@@ -314,7 +314,7 @@ internal static Task RunSessionAsync(HttpContext httpContext, IMcpServer session`
`314`	`314`	`// SignalR only checks for ClaimTypes.NameIdentifier in HttpConnectionDispatcher, but AspNetCore.Antiforgery checks that plus the sub and UPN claims.`
`315`	`315`	`// However, we short-circuit unlike antiforgery since we expect to call this to verify MCP messages a lot more frequently than`
`316`	`316`	`// verifying antiforgery tokens from <form> posts.`
`317`		`- internal static (string Type, string Value, string Issuer)? GetUserIdClaim(ClaimsPrincipal user)`
	`317`	`+ internal static StatelessUserId? GetUserIdClaim(ClaimsPrincipal user)`
`318`	`318`	`{`
`319`	`319`	`if (user?.Identity?.IsAuthenticated != true)`
`320`	`320`	`{`
`@@ -325,7 +325,7 @@ internal static (string Type, string Value, string Issuer)? GetUserIdClaim(Claim`
`325`	`325`
`326`	`326`	`if (claim is { } idClaim)`
`327`	`327`	`{`
`328`		`- return (idClaim.Type, idClaim.Value, idClaim.Issuer);`
	`328`	`+ return new(idClaim.Type, idClaim.Value, idClaim.Issuer);`
`329`	`329`	`}`
`330`	`330`
`331`	`331`	`return null;`