Authorization Role/Policy Attributes Not Working In .Net Core 3

Question

I've had no luck getting any Role or Policy attributes working in .Net Core 3. I started my project with the .Net Core Angular starter project with authentication. I figured this was something to do with the new .AddDefault methods so I have simplified it as much as I possibly can and it still doesn't work.

Here is my policy:

services.AddAuthorization(options =>
{
    options.AddPolicy("IsAdmin", policy =>
        policy.RequireClaim("role", "admin"));
});

Here is my controller:

[Authorize(Policy = "IsAdmin")]
[Route("api/[controller]")]
public class AdminController : Controller 
{
    ...

I made a custom Profile service that adds the claim to the token,

var claims = new List<Claim>();

if (await _userManager.IsInRoleAsync(user, "Admin"))
{
    claims.Add(new Claim(JwtClaimTypes.Role, "admin"));
}

context.IssuedClaims.AddRange(claims);

Inside my access token (from jwt.io):

Other parts of configure services:

services.AddDefaultIdentity<ApplicationUser>()
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>();

...

services.AddAuthentication()
    .AddIdentityServerJwt();

The plain [Authorize] tag is working fine with the access token on other controllers.

When I hit this controller with the access token I get a 403 response

What am I missing that is preventing this from working?

Answer 1

I try your code and find that the role claim key has been transformed to the standard Role ClaimsType : http://schemas.microsoft.com/ws/2008/06/identity/claims/role

So using ClaimTypes.Role will fix the problem:

services.AddAuthorization(options => { 
    options.AddPolicy("IsAdmin", policy => 
    { 
        policy.RequireClaim(ClaimTypes.Role,"admin");
    }); 
});

Demo