Menu
I understand that I can use claims to make statements about a user:
var claims = new List<Claim>(); claims.Add(new Claim(ClaimTypes.Name, "Peter")); claims.Add(new Claim(ClaimTypes.Email, "[email protected]")); But how should I store "role-based" claims? For example:
The user is a super administrator.
claims.Add(new Claim("IsSuperAdmin, "true")); The value parameter "true" feels completely redundant. How else can this statement be expressed using claims?
404
Claims can be created from any user or identity data which can be issued using a trusted identity provider or ASP.NET Core identity. A claim is a name value pair that represents what the subject is, not what the subject can do.
Role based authorization checks: Are declarative and specify roles which the current user must be a member of to access the requested resource. Are applied to Razor Pages, controllers, or actions within a controller.
Claims are a method of providing information about a user, and roles are a description of a user by way of which roles they belong.
This is already done for you by the framework. When user is logged in, all user roles are added as claims with claims type being ClaimTypes.Role and values are role name.
And when you execute IPrincipal.IsInRole("SuperAdmin") the framework actually checks if the claim with type ClaimTypes.Role and value SuperAdmin is present on the user.
So don't need to do anything special. Just add a user to a role.
111
You can store roles using the ClaimType Role
claims.Add(new Claim(ClaimTypes.Role, "SuperAdmin")); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
