I have created multiple authorization policies, each with 1 claim in it, doing a role check, like so:
options.AddPolicy("SuperAdminPolicy", policy => policy.RequireClaim(ClaimTypes.Role, "SuperAdmin"));
That all works fine.
However, I'm now at the point where I want to check 2 different types of claims, e.g. I want to make sure that the user has a specific role claim (As above), but I also want to check the value of a completely different claim (Such as first name). To clarify, I want to say something like " user must be in role 'x' and must have a first name claim value of 'bob'".
I can't quite figure out how to achieve this (And I'm sure it's probably quite straight forward).
Can someone point me in the right direction please?
Thanks.
We can actually chain the RequireClaim like this.
services.AddAuthorization(option => {
option.AddPolicy("SuperAdmin policy",
policy => policy.RequireClaim(ClaimType.Role,"SuperAdmin")
.RequireClaim(ClaimType.Name,"Bob"));
});
I did a little additional research on this post as I was looking for something very similar. I noticed there is a policy.RequireRole and policy.RequireUser in addition to RequireClaim. Thus, a policy can require a claim, role, user, or any combination.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With