Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Owin claims - Add multiple ClaimTypes.Role

I have an application in which users can be assigned the following roles:

  • SuperAdmin
  • Admin
  • User

One user may have assigned two or more roles, eg. both SuperAdmin and User. My application uses claims, and therefore i want to authenticate user roles through claims too. like:

[Authorize(Roles="Admin")]

Unfortunately, i dont know how i can add multiple roles to my ClaimTypes.Role. I have the following code:

var identity = new ClaimsIdentity(new[] {
                new Claim(ClaimTypes.Name, name),
                new Claim(ClaimTypes.Email, email),
                new Claim(ClaimTypes.Role, "User", "Admin", "SuperAdmin")
        },
            "ApplicationCookie");

As you can see, i tried to add more roles for the sake of illustrating, but obviously its done in a wrong way, and therefore doesn't work. Any help is therefore much appreciated.

like image 991
Jeppe Christensen Avatar asked Mar 14 '17 16:03

Jeppe Christensen


2 Answers

A claims identity can have multiple claims with the same ClaimType. That will make it possible to use the HasClaim method for checking if a specific user role is present.

var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, name),
            new Claim(ClaimTypes.Email, email),
            new Claim(ClaimTypes.Role, "User"),
            new Claim(ClaimTypes.Role, "Admin"), 
            new Claim(ClaimTypes.Role,"SuperAdmin")
    },
        "ApplicationCookie");
like image 91
cpr43 Avatar answered Nov 03 '22 10:11

cpr43


@Parameswar Rao explained well but in case of dynamic roles

For example a user object already has property role of type list like

enter image description here

then using localfunctions

  ClaimsIdentity getClaimsIdentity()
                {
                    return new ClaimsIdentity(
                        getClaims()
                        );

                   Claim[] getClaims()
                    {
                        List<Claim> claims = new List<Claim>();
                        claims.Add(new Claim(ClaimTypes.Name, user.UserName));
                        foreach (var item in user.Roles)
                        {
                            claims.Add(new Claim(ClaimTypes.Role, item));
                        }
                        return claims.ToArray();
                    }

                }
                    var tokenDescriptor = new SecurityTokenDescriptor
                    {


                        Subject = getClaimsIdentity()
                    }
like image 5
TAHA SULTAN TEMURI Avatar answered Nov 03 '22 10:11

TAHA SULTAN TEMURI