Search code examples

The issue of having multiple roles on the client side in my Blazor WebAssembly project

<AuthorizeView Roles="@RulesAndRoles.Rules.FirstOrDefault(xd=> xd.Id ==1).Roles.ToString()">
<IconNavLink Href="Management" Icon="fa-star">
<AuthorizeView Roles="@RulesAndRoles.Rules.FirstOrDefault(xd=> xd.Id == 2).Roles.ToString()">
<IconNavLink Href="Entity" Icon="fa-star">

The role claims of my JWT token are structured as follows.

"": [ "Administrator", "User" ],

I am fetching and populating the necessary roles from my static class RulesAndRoles that I pull from the database, and there is no issue with the system. However, things have changed, and now each user can have multiple roles.

In the above code, @RulesAndRoles.Rules.FirstOrDefault(xd => xd.Id == 1).Roles.ToString() returns a value like "Administrator,Manager". If a user has only "Administrator" or only "Manager" as their role, everything works fine, but if they have both roles at the same time, no AuthorizeView works properly.

How can I solve this issue?

Thank you in advance!

<AuthorizeView Roles="Administrator">
<p>test admin</p>
<AuthorizeView Roles="User">
<p>test user</p>

I tried this, it works, but it's not very clean. In more complex areas, it makes things even more complicated.


  • You could separate the JWT role in AuthenticationStateProvider like following:

    public class CustomAuthenticationStateProvider : AuthenticationStateProvider
        private readonly IAccessTokenProvider _tokenProvider;
        public CustomAuthenticationStateProvider(IAccessTokenProvider tokenProvider)
            _tokenProvider = tokenProvider;
        public override async Task<AuthenticationState> GetAuthenticationStateAsync()
            var tokenResult = await _tokenProvider.RequestAccessToken();
            if (tokenResult.TryGetToken(out var accessToken))
                var handler = new JwtSecurityTokenHandler();
                var jwtToken = handler.ReadJwtToken(accessToken.Value);
                var identity = new ClaimsIdentity(jwtToken.Claims, "Bearer");
                // Extract and normalize role claims
                var roleClaims = jwtToken.Claims
                    .Where(c => c.Type == "")
                    .SelectMany(c => c.Value.Split(','))
                    .Select(role => new Claim(ClaimTypes.Role, role.Trim()));
                var user = new ClaimsPrincipal(identity);
                return new AuthenticationState(user);
            return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));