
Roles - Identity Server 4


I have a project done with an ASP.NET Core 2.0 API, Identity Server and a WPF app. I am able to access the API from WPF after I log in.

Now I am trying to implement roles so that I can authorize only certain users to access the API.

In Config.cs I am declaring my Client and adding to the scope:

    new Client
    {
        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
            IdentityServerConstants.StandardScopes.OfflineAccess,
            "fiver_auth_api",
            "role"
        },
        AlwaysIncludeUserClaimsInIdToken = true
    }

Declaring TestUser:

    return new List<TestUser>
    {
        new TestUser
        {
            SubjectId = "", Username = "", Password = "",
            Claims = new List<Claim>
            {
                new Claim(JwtClaimTypes.Email, "[email protected]"),
                new Claim(JwtClaimTypes.EmailVerified, "true", ClaimValueTypes.Boolean),
                new Claim(JwtClaimTypes.Role, "Admin"),
                new Claim(JwtClaimTypes.Scope, "openid offline_access fiver_auth_api")
            }
        }
    };

And in the controller I am using:

    [Authorize(Roles = "Admin")]

Why don't I get the user claims in the token?


Solution

  • For anyone who is interested, here is how I fixed it: in your configuration file, add a list for your roles:

    new ApiResource
    (
        "fiver_auth_api",
        "Fiver.Security.AuthServer.Api",
        new List<string> { "role" } // <--- Add this line to your API
    )
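
An added example (not part of the original post or the project's own code) showing the two places the role claim has to be wired up: the API resource's user claims on the IdentityServer side, which decide what goes into the access token (`AlwaysIncludeUserClaimsInIdToken` only affects the id_token), and the role claim type on the API side. It assumes the API validates tokens with the IdentityServer4.AccessTokenValidation package; the authority URL is a placeholder, and the `Config`/`ApiStartup` class names and their method names are hypothetical.

```csharp
using System.Collections.Generic;
using IdentityModel;
using IdentityServer4.AccessTokenValidation;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

// IdentityServer project (hypothetical class and method names).
public static class Config
{
    // The "role" scope in the client's AllowedScopes needs a matching identity
    // resource; identity resources feed the id_token and the userinfo endpoint.
    public static IEnumerable<IdentityResource> GetIdentityResources() =>
        new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email(),
            new IdentityResource("role", new[] { JwtClaimTypes.Role })
        };

    // Before: no user claims on the API resource, so the access token sent to
    // the API has no "role" claim and [Authorize(Roles = "Admin")] cannot pass.
    public static ApiResource ApiWithoutRole() =>
        new ApiResource("fiver_auth_api", "Fiver.Security.AuthServer.Api");

    // After: claim types listed here are copied into the access token.
    public static ApiResource ApiWithRole() =>
        new ApiResource("fiver_auth_api", "Fiver.Security.AuthServer.Api",
            new List<string> { JwtClaimTypes.Role });
}

// API project (hypothetical class name; assumes IdentityServer4.AccessTokenValidation).
public class ApiStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "https://auth.example.test"; // placeholder URL
                options.ApiName = "fiver_auth_api";
                // Claim type that [Authorize(Roles = ...)] is evaluated against.
                options.RoleClaimType = JwtClaimTypes.Role;
            });
    }
}
```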