asp.net-coreasp.net-identityblazorrolesasp.net-roles
User assigned roles remain unrecognised
I am trying to introduce an admin account into my project. I have updated the Startup.cs file to use roles and have added Admin and Standard account inside AspNetRoles and assigned a user using their UserID an admin. The relevant [Authorize(Role = "Admin")] has also been added to the page but the admin account remains denied access. I can't seem to find out what is causing this to not be recognised, I have searched similar posts which suggested implementing
.AddRoleManager<RoleManager<IdentityRole>>()
However, this did not seem to help either. Would appreciate any insight in resolving this issue. Using Blazor wasm. Thanks in advance.
Startup.cs
public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; }
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDatabaseDeveloperPageExceptionFilter();
services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = false)
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
services.AddAuthentication()
.AddIdentityServerJwt();
services.AddControllersWithViews();
services.AddRazorPages();
services.Configure<IdentityOptions>(options =>
options.ClaimsIdentity.UserIdClaimType = ClaimTypes.NameIdentifier);
services.AddControllers().AddNewtonsoftJson(x => x.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Serialize);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseMigrationsEndPoint();
app.UseWebAssemblyDebugging();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();
app.UseStaticFiles();
app.UseRouting();
app.UseIdentityServer();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
endpoints.MapControllers();
endpoints.MapFallbackToFile("index.html");
});
}
}
Program.cs
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
}
AspNetRoles table
AspNetUserRoles table
Razor pages
@attribute [Authorize(Roles ="Admin")]
Despite the above implementations, when logging into the assigned Admin account, the message shown is
You are not authorized to access this resource.
Solution
Try the following...
Change:
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
To:
// Configure identity server to put the role claim into the id token
// and the access token and prevent the default mapping for roles in
// the JwtSecurityTokenHandler.
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>(options => {
options.IdentityResources["openid"].UserClaims.Add("role");
options.ApiResources.Single().UserClaims.Add("role");
});
// Need to do this as it maps "role" to ClaimTypes.Role and causes issues
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("role");
- Redis cache in .NET 8 is not taking effect?
- Use React Authentication with .NET backend?
- List users with roles in a razor page using asp.net 6.0 Identity
- Correct handling of formless AJAX POST and AntiForgery in C# Razor Pages
- how to load partial view in ajax in asp.net core
- Entity Framework Core multiple connection strings on same DBContext?
- error A value of type 'int' cannot be used as a default parameter because there are no standard conversions to type
- What is this string inside Blazor components HTML tag
- Blazor Server: Breadcrumb change using JavaScript persists across pages
- .net blazor new debug profile lacks .css .js why?
- How to get results from a Postgresql function using EF Core?
- ASP Net identity two factor authentication last expired token is getting validated successfully
- Why string property must be declared as nullable string in Entity Framework Core when corresponding database table column is nullable
- HTTP Error 500.30 - ASP.NET Core app failed to start(abp-commercial)
- How to Configure Swagger to Display Different Model Classes Based on Content Type in .NET API
- How to register multiple implementations of the same interface with different dependencies
- How to remove UserName field from asp.net core 3 Identity
- Difference between BadRequestResult and BadRequestObjectResult
- Where do custom metrics I did not set come from
- How to force Visual Studio to re-create the SSL certificate for a .NET Core Web Application running Kestrel?
- How to map a user attribute to a standard OIDC claim in keycloak
- How to mock service injected by HttpContext.RequestServices.GetService<> in derived controller?
- ASP. NET Core 8: Error HTTP 500 and returnurl=%2F in the URL
- Asp Core, How to use PagingList<T>.CreateAsync() with a viewModel?
- Why is Application Insights showing no events
- ASP.NET Core - error 404.15 after adding authorization services
- Why am I getting this Content Policy error?
- SignalR hub connection StateChanged not working client
- Why is this API considered having ambiguous method/path combination when the names and routes are different?
- How to use "TypedHttpClientFactory" with "AddHttpMessageHandler"?