Reputation: 3253
Asp.net identity - How to maintain logged in user role?
I m using Angularjs project and using Asp.net identity custom storage provider with Enterprise library for token authentication.
Implemented custom userstore to create an account.
[Authorize] attribute works well after logged in. i want to restrict the method for particular user.
So tried to implement [Authorize(Roles="Admin,User")].
Here one user can have two roles in practical. But as per the system, when user login, we restrict the user to select the particular role.
So, after validated by asp.net identity, user should select any one of the role.
Here my need is,
I want to maintain the role which he selected (we consider this concept like impersonate user, but not exactly).
Or,
Need to implement in the Authorize attribute itself.
I've seen some of the examples like we can add claim to identity.
But I can add custom claims only inside the method,
GenerateUserIdentityAsync
in my case I need to add claim after log in validated. I've gone through some example and implemented like following.
ClaimsIdentity identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
identity.AddClaim(new Claim(ClaimTypes.Role, "Test"));
After added claim, when I try to get the claim to check the logged in user role,
List<Claim> claim = claims.Where(c => c.Type == ClaimTypes.Role).ToList();
I didn't get the Role "Test".
Here my bad luck is, in claims, I've all the roles of the user except role = test
How to authorize the user role or maintain logged in here..
Upvotes: 0
Views: 1441
Answers (1)
Reputation: 6258
I see at least three solutions for your problem:
Use a claim transformation to filter the role claims, to match a role the user choose. You can use a claim transformation middleware or you can filter the claims during login (be aware, that you do not know the user roles BEFORE login, and afterwards filtering might be too late). PRO Does not necessarily need session state; CON User can not choose during runtime.
Store the role in the session and authenticate against that role. Make sure, that you check against the role claims, when the user chooses his role. PRO User might change role without re-sign-in. CON Needs session state (Might be an issue in farm environments).
Don't do it at all and I'm totally serious about that. Provide your user a clean interface, that makes him know, what role he has and use areas and other technics to separate the concerns.
Upvotes: 2
Related Questions
- Identity in front-end
- ASP.NET Core 3.1 + Angular 9 role based authentication
- ASP.NET Core 3 with Angular 8, ASP.NET Core Identity, Roles and token based authentication
- Asp.net Identity: change user role while logged in
- IdentityServer role/permissions in AngularJS and WebAPI
- ASP.NET MVC User role in Angular2
- ASP.NET User Identity
- MVC angularJs login and save authentication for other pages
- How to save and access UserContext.Identity (MVC/C#) for use with AngularJS?
- Returning User Roles to an AngularJS app from ASP.NET Identity using OAuth and bearer tokens