Role Claim not working in ASP.NET Core 8 Web API after upgrading to .NET 8
I have a .NET 7 ASP.NET Core 7.0 Web API project which uses .NET 7 ASP.NET Core 7.0 IdentityServer4 Project. Everything is working fine.
Here is my code setup:
IdentityServer4:
In my ProfileService in IdentityServer4 project, I'm adding a role claim as show below.
ProfileService.cs:
claims.Add(new Claim("role", "master"));
Startup.cs:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
Web API:
I have added Authorization services in Program.cs
Program.cs:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddScoped<IAuthorizationHandler, SubjectMustMatchUserHandler>();
services.AddAuthorization(authorizationOptions =>
{
authorizationOptions.AddPolicy(
Policies.SubjectMustMatchUser,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SubjectMustMatchUserRequirement());
});
authorizationOptions.AddPolicy(Policies.MustBeMasterUser, Policies.MustBeMasterUserPolicy());
})
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = configuration.GetValue<string>("AuthorityUrl");
options.Audience = "redacted";
});
Authorization Policy:
public static AuthorizationPolicy MustBeMasterUserPolicy()
{
return new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.RequireClaim("role", "master")
.Build();
}
Claims:
Till now all is working fine.
Now I have updated my project to .NET 8 and the Role Claim is not working as expected and my policies are failing.
When I debug, I noticed the change in the name of role claim key from role to http://schemas.microsoft.com/ws/2008/06/identity/claims/role as shown below
This change is making my policies to fail. I'm not able to find any docs to fix this in Migration guides. Please can you help me figure out what I'm missing?
You need to specify what the name of your role and name claim is, using:
.AddJwtBearer(opt =>
{
// ...
opt.TokenValidationParameters.RoleClaimType = "role";
opt.TokenValidationParameters.NameClaimType = "name";
// ...
});
You might also want to disable the rename of the claims, by:
.AddJwtBearer(opt =>
{
// ...
opt.MapInboundClaims = false;
// ...
});
For more details, see my blog post here: Debugging JwtBearer Claim Problems in ASP.NET Core
- AWS EC2 ECS - How many tasks should I place on a single instance?
- How memory address for pointer to arrays is same as an element in 2D array?
- How do I change Project language level on Android Studio
- Recursively render tree in Rails
- Error Classpath is empty. Please build the project first e.g. by running apache kafka
- Understanding weird boolean 2d-array indexing behavior in numpy
- How to use ellipsis in c's case statement?
- Public variables inside namespace class arent showing up in the unity inspector
- What is Ejs , What is the use of EJS?
- How to disable directory indexing from apache2 when going to the server's root?
- make html text input field grow as I type?
- With python-oracledb what does 'DPY-4027: no configuration directory to search for tnsnames.ora' mean
- Android Credential Manager: what's the differences between GetSignInWithGoogleOption and GetGoogleIdOption
- Turn stack into a string?
- Remove duplicated value inside in cell in python with multiple row
- How to determine which Child Page is being displayed from Master Page?
- Why does sys.getsizeof() report the same size for two instances even though one has an extra attribute?
- When sending axios requests, the component is rendered too many times (or not)
- Problem installing node js and npm on Manjaro linux
- How to stack AlertDialog buttons vertically?
- How to determine which content page requested in Master page
- Render Unified Diff with Python
- Error message "error:0308010C:digital envelope routines::unsupported"
- Generating data dictionary for SQL Server database
- Fast & accurate atan/arctan approximation algorithm
- round down to 2 decimal in python
- Create Dynamic Named Range, based on adjacent value
- Load cache data from excel with phpexcel
- std::string.find ("string1" || "string2") with or statements between arguments, is it possible?
- Upgrading to Spring Boot 3/ JDK 17/ Spring 6 - JAXB conflict issue IllegalAnnotationsException