Role Claim not working in ASP.NET Core 8 Web API after upgrading to .NET 8
I have a .NET 7 ASP.NET Core 7.0 Web API project which uses .NET 7 ASP.NET Core 7.0 IdentityServer4 Project. Everything is working fine.
Here is my code setup:
IdentityServer4:
In my ProfileService in IdentityServer4 project, I'm adding a role claim as show below.
ProfileService.cs:
claims.Add(new Claim("role", "master"));
Startup.cs:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
Web API:
I have added Authorization services in Program.cs
Program.cs:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddScoped<IAuthorizationHandler, SubjectMustMatchUserHandler>();
services.AddAuthorization(authorizationOptions =>
{
authorizationOptions.AddPolicy(
Policies.SubjectMustMatchUser,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SubjectMustMatchUserRequirement());
});
authorizationOptions.AddPolicy(Policies.MustBeMasterUser, Policies.MustBeMasterUserPolicy());
})
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = configuration.GetValue<string>("AuthorityUrl");
options.Audience = "redacted";
});
Authorization Policy:
public static AuthorizationPolicy MustBeMasterUserPolicy()
{
return new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.RequireClaim("role", "master")
.Build();
}
Claims:
Till now all is working fine.
Now I have updated my project to .NET 8 and the Role Claim is not working as expected and my policies are failing.
When I debug, I noticed the change in the name of role claim key from role to http://schemas.microsoft.com/ws/2008/06/identity/claims/role as shown below
This change is making my policies to fail. I'm not able to find any docs to fix this in Migration guides. Please can you help me figure out what I'm missing?
You need to specify what the name of your role and name claim is, using:
.AddJwtBearer(opt =>
{
// ...
opt.TokenValidationParameters.RoleClaimType = "role";
opt.TokenValidationParameters.NameClaimType = "name";
// ...
});
You might also want to disable the rename of the claims, by:
.AddJwtBearer(opt =>
{
// ...
opt.MapInboundClaims = false;
// ...
});
For more details, see my blog post here: Debugging JwtBearer Claim Problems in ASP.NET Core
- Make a shortcut for Console.WriteLine()
- How do I find the installed .NET versions?
- Add Rectangle to ContentControl C# wpf
- AutoMapper: "Ignore the rest"?
- How to change combobox background color (not just the drop down list part)
- What is the fastest\best way to get file names from a folder using PowerShell?
- Collections and the Powershell Pipeline
- How to fix/speed up powershell script?
- What is the best way to get the value of what user is logged in?
- Warning: "Using the iteration variable in a lambda expression may have unexpected results"
- "==" Operator Doesn't Behave Like Compiler-generated Equals() override for anonymous type
- Azure C# Cosmos DB: Property "id" is missing when it's actually present
- Visual Studio doesnt find the installed .net SDK
- Xamarin EditText InputType Password
- GetAwait().GetResult causes potential threading problems
- How to pass js function argument to inline c# in cshtml?
- How to move/rename file using WinSCP .NET Assembly when target file exist already?
- How to write xUnit test for Validate of IValidatableObject?
- How to check whether a page is run in production or dev or test in .NET/C#?
- What is a NullReferenceException, and how do I fix it?
- How do you get T4ReferencePath to work?
- Show tooltip on textbox entry
- How to distinguish when FOUND is false from when row version is obsolete in a Postgres stored function
- How to write Performance Test for .Net application?
- Make sure an object with a particular key is statically created once
- .Net Core [Authorize] - Or instead of And for permission test
- What ORM for .net should I use?
- NSwag produces incorrect output for IFromFile in Minimal API when file parameter is wrapped in model class
- Find a substring in a case-insensitive way - C#
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException