Reputation: 40002
ASP.NET Identity "Role-based" Claims
I understand that I can use claims to make statements about a user:
var claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.Name, "Peter"));
claims.Add(new Claim(ClaimTypes.Email, "[email protected]"));
But how should I store "role-based" claims? For example:
The user is a super administrator.
claims.Add(new Claim("IsSuperAdmin, "true"));
The value parameter "true" feels completely redundant. How else can this statement be expressed using claims?
Upvotes: 26
Views: 36258
Answers (3)
Reputation: 31
You need to specify the Role in a claim with a type of ClaimsType.Role and then specify the claim type that contains the role in the ClaimsIdentity as shown below.
var claimsIdentity = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Email, "[email protected]"),
new Claim(ClaimTypes.Name, "Peter"),
new Claim(ClaimTypes.Role, "SuperAdmin"),
},
"ApplicationCookie", ClaimTypes.Email, ClaimTypes.Role);
This will then allow you to use the [Authorize(Roles = "SuperAdmin")] attribute in your controllers.
Upvotes: 3
Reputation: 35106
This is already done for you by the framework. When user is logged in, all user roles are added as claims with claims type being ClaimTypes.Role and values are role name.
And when you execute IPrincipal.IsInRole("SuperAdmin") the framework actually checks if the claim with type ClaimTypes.Role and value SuperAdmin is present on the user.
So don't need to do anything special. Just add a user to a role.
Upvotes: 40
Related Questions
- ASP.NET Core Identity Role, Claim and User
- Claim based authorization in ASP.NET Core
- Claims based authorization in ASP.NET Core
- ASP.NET Identity - using roles as predefined claim sets
- Change from Roles authorization to Claims authorization
- ASP.NET Identity Claims
- Using Claims for Roles in ASP.NET Identity 2
- Role based claims in Identity Server 3 + AspNet Identity
- Claims without roles?
- Confusion on when and if to use Claims and Roles with Asp.net Identity 2