If the business logic layer needs to know if the user is logged in, you should just pass along that information as an argument.
The business layer should not need to know HOW the user is authenticated, if it needs to know if the user is logged in it should be given that information -- that's separation of concerns for you! :)
The main idea is that you can always reuse the same business rules even in an entirely different environment, e.g, using a different authentication mechanism.