Authorization Role/Policy Attributes Not Working In .Net Core 3

I've had no luck getting any Role or Policy attributes working in .Net Core 3. I started my project with the .Net Core Angular starter project with authentication. I figured this was something to do with the new .AddDefault methods so I have simplified it as much as I possibly can and it still doesn't work.

Here is my policy:

services.AddAuthorization(options =>
{
    options.AddPolicy("IsAdmin", policy =>
        policy.RequireClaim("role", "admin"));
});

Here is my controller:

[Authorize(Policy = "IsAdmin")]
[Route("api/[controller]")]
public class AdminController : Controller
{
    ...

I made a custom Profile service that adds the claim to the token:

var claims = new List<Claim>();

if (await _userManager.IsInRoleAsync(user, "Admin"))
{
    claims.Add(new Claim(JwtClaimTypes.Role, "admin"));
}

context.IssuedClaims.AddRange(claims);

Inside my access token (from jwt.io):

[image: the access token decoded at jwt.io]

Other parts of configure services:

services.AddDefaultIdentity<ApplicationUser>()
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>();

...

services.AddAuthentication()
    .AddIdentityServerJwt();

The plain [Authorize] tag is working fine with the access token on other controllers.

When I hit this controller with the access token I get a 403 response.

What am I missing that is preventing this from working?

levitatejay asked Oct 14 '19 08:10



1 Answer

I tried your code and found that the role claim key has been transformed to the standard Role claim type: http://schemas.microsoft.com/ws/2008/06/identity/claims/role

[image: the transformed role claim as seen in the debugger]

So using ClaimTypes.Role will fix the problem:

services.AddAuthorization(options =>
{
    options.AddPolicy("IsAdmin", policy =>
    {
        policy.RequireClaim(ClaimTypes.Role, "admin");
    });
});

Demo

[image: demo of the working policy]

itminus answered Sep 19 '22 05:09
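To see why the original policy returned 403 and the corrected one passes, the policy from the answer can be evaluated outside a web host against two hand-made principals: one carrying the claim under ClaimTypes.Role (how the policy sees it after the JWT bearer handler's default inbound claim-type mapping) and one carrying the short "role" name exactly as jwt.io shows it; only the first satisfies the policy. This is an added example, not code from the question or the answer; it assumes a console project with a FrameworkReference to Microsoft.AspNetCore.App, and the class and method names are invented for the illustration.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class RoleClaimPolicyCheck
{
    // Builds a container holding only the "IsAdmin" policy from the answer so it
    // can be evaluated without an HTTP pipeline. (Example code; the policy name and
    // the "admin" value come from the page, everything else here is assumed.)
    private static IAuthorizationService BuildAuthorizationService()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // DefaultAuthorizationService requires an ILogger
        services.AddAuthorization(options =>
        {
            options.AddPolicy("IsAdmin", policy =>
                policy.RequireClaim(ClaimTypes.Role, "admin"));
        });
        return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
    }

    // Principal as the policy sees it once the bearer handler has mapped the
    // token's "role" claim to the long ClaimTypes.Role URI.
    public static ClaimsPrincipal MappedPrincipal() =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, "admin") }, "Bearer"));

    // Principal carrying the raw "role" name, as the decoded token shows it.
    public static ClaimsPrincipal RawPrincipal() =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("role", "admin") }, "Bearer"));

    // Evaluates the named policy for a principal; true means the request would
    // reach the controller, false means the 403 from the question.
    public static async Task<bool> IsAdminAsync(ClaimsPrincipal user)
    {
        var result = await BuildAuthorizationService().AuthorizeAsync(user, null, "IsAdmin");
        return result.Succeeded;
    }

    public static async Task Main()
    {
        Console.WriteLine($"ClaimTypes.Role claim: {await IsAdminAsync(MappedPrincipal())}");
        Console.WriteLine($"raw \"role\" claim:     {await IsAdminAsync(RawPrincipal())}");
    }
}
```

The same two principals make a cheap unit test for the policy, which is worth keeping because the claim-type mapping is easy to forget when the token is later inspected in jwt.io and looks correct.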