Authorization Role/Policy Attributes Not Working In .Net Core 3
I've had no luck getting any Role or Policy attributes working in .Net Core 3. I started my project with the .Net Core Angular starter project with authentication. I figured this was something to do with the new .AddDefault methods so I have simplified it as much as I possibly can and it still doesn't work.
Here is my policy:
services.AddAuthorization(options =>
{
options.AddPolicy("IsAdmin", policy =>
policy.RequireClaim("role", "admin"));
});
Here is my controller:
[Authorize(Policy = "IsAdmin")]
[Route("api/[controller]")]
public class AdminController : Controller
{
...
I made a custom Profile service that adds the claim to the token,
var claims = new List<Claim>();
if (await _userManager.IsInRoleAsync(user, "Admin"))
{
claims.Add(new Claim(JwtClaimTypes.Role, "admin"));
}
context.IssuedClaims.AddRange(claims);
Inside my access token (from jwt.io):
Other parts of configure services:
services.AddDefaultIdentity<ApplicationUser>()
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
...
services.AddAuthentication()
.AddIdentityServerJwt();
The plain [Authorize] tag is working fine with the access token on other controllers.
When I hit this controller with the access token I get a 403 response
What am I missing that is preventing this from working?
I try your code and find that the role claim key has been transformed to the standard Role ClaimsType : http://schemas.microsoft.com/ws/2008/06/identity/claims/role
So using ClaimTypes.Role will fix the problem:
services.AddAuthorization(options => {
options.AddPolicy("IsAdmin", policy =>
{
policy.RequireClaim(ClaimTypes.Role,"admin");
});
});
Demo
- ASP.Net Core Content-Disposition attachment/inline
- How to embed the scoped css bundle file generated by Razor class library?
- Visual Studio ASP.NET Core Debug IIS Express - Site can't be reached
- How to configure Elastic.Serilog.Sinks 8.11 in ASP.NET Core 8 web app?
- How to validate a form using Javascript
- .NET Core Razor - scenario on how to mix C# with html
- How do I make a column in SQL that's an array of data in .NET Core MVC?
- Passing model from Index to _Layout to _Header in ASP.NET Core causes NullReferenceException on get_Model()
- Method not allowed 405 POST ASP.NET CORE 5.0 WEB API
- Odata Global PageSize
- Http 429 is not returnable in status code from C# ASP.NET Core Web API
- How to extract a list from appsettings.json in .net core
- Failing to perform Cookie Authentication: SignInAsync and AuthenticateAsync not successful
- No service for type has been registered
- .NET 8 windows service thinks hosting environment is production when debugging locally
- ASP.NET Core CORS Setup Stops Working After Bicep Deployment
- ASP.NET Core: URL rewriting does not work with a static file
- Could not load file or assembly 'Microsoft.AspNetCore.SpaProxy'?
- Multiple Identities in ASP.NET Core 2.0
- Blazor WASM cannot use Entity Framework Core
- Html number input handling in blazor
- C# Blazor EventCallBack is not set
- Toast Component not working in Razor app C#
- How to change background color of loading page of a WASM app?
- How can I get an ILogger in an exception handler - created in Main()?
- Minimal API Results.Ok Not Returning Full Object
- Blazor A second operation started on this context before a previous operation completed
- C# required property setter for reference type with default value set to null
- Working with DirectoryServices in ASP.NET Core
- Is there an ILogger provider to write to a local file, or to Azure BLOB?