ChilliCream · michaelstaib · Feb 13, 2023 · Feb 13, 2023 · Feb 13, 2023
diff --git a/src/HotChocolate/Core/src/Authorization/AuthorizationContextEnricher.cs b/src/HotChocolate/Core/src/Authorization/AuthorizationContextEnricher.cs
@@ -1,3 +1,4 @@
+using System.Security.Claims;
 using HotChocolate.Execution;
 using Microsoft.Extensions.DependencyInjection;
 using static HotChocolate.WellKnownContextData;
@@ -13,5 +14,12 @@ public void Enrich(IRequestContext context)
             var authorizationHandler = context.Services.GetRequiredService<IAuthorizationHandler>();
             context.ContextData.Add(AuthorizationHandler, authorizationHandler);
         }
+
+        if (!context.ContextData.ContainsKey(WellKnownContextData.UserState) &&
+            context.ContextData.TryGetValue(nameof(ClaimsPrincipal), out var value) &&
+            value is ClaimsPrincipal principal)
+        {
+            context.ContextData.Add(WellKnownContextData.UserState, new UserState(principal));
+        }
     }
 }
diff --git a/src/HotChocolate/Core/test/Authorization.Tests/AnnotationBasedAuthorizationTests.cs b/src/HotChocolate/Core/test/Authorization.Tests/AnnotationBasedAuthorizationTests.cs
@@ -1,3 +1,4 @@
+using System.Security.Claims;
 using CookieCrumble;
 using HotChocolate.Authorization;
 using HotChocolate.Execution;
@@ -610,6 +611,67 @@ public async Task Skip_Authorize_On_Node_Field()
         Assert.Equal(401, value);
     }
 
+    [Fact]
+    public async Task Assert_UserState_Exists()
+    {
+        // arrange
+        var handler = new AuthHandler(
+            resolver: (ctx, _)
+                => ctx.ContextData.ContainsKey(WellKnownContextData.UserState)
+                    ? AuthorizeResult.Allowed
+                    : AuthorizeResult.NotAllowed,
+            validation: (ctx, _)
+                => ctx.ContextData.ContainsKey(WellKnownContextData.UserState)
+                    ? AuthorizeResult.Allowed
+                    : AuthorizeResult.NotAllowed);
+
+        var services = CreateServices(
+            handler,
+            options =>
+            {
+                options.ConfigureNodeFields =
+                    descriptor =>
+                    {
+                        descriptor.Authorize("READ_NODE");
+                    };
+            });
+
+        var executor = await services.GetRequestExecutorAsync();
+
+        // act
+        var result = await executor.ExecuteAsync(
+            builder =>
+                builder
+                    .SetQuery(
+                        """
+                        {
+                          nodes(ids: "abc") {
+                            __typename
+                          }
+                        }
+                        """)
+                    .SetGlobalState(nameof(ClaimsPrincipal), new ClaimsPrincipal()));
+
+        // assert
+        Snapshot
+            .Create()
+            .Add(result)
+            .MatchInline(
+                """
+                {
+                  "errors": [
+                    {
+                      "message": "Unable to decode the id string.",
+                      "extensions": {
+                        "operationStatus": "InvalidData",
+                        "originalValue": "abc"
+                      }
+                    }
+                  ]
+                }
+                """);
+    }
+
     private static IServiceProvider CreateServices(
         IAuthorizationHandler handler,
         Action<AuthorizationOptions>? configure = null)