Reputation: 15999
ASP.NET Core 2.0 unable to check if user is in role properly in Razor view or controller [authorize] annotation
I'm working on a legacy project with roles based authorization but I'm having some issues. User.IsInRole("admin") and [Authorize(Roles = "admin")] always failing Authorization. the User.IsInRole() always returns False. I'm pretty sure that user was properly added to the role. Role name 'admin' is already taken. User already in role 'admin'.
Maybe some service are influencing another.
Here is my startup.cs resumed code:
public void ConfigureServices(IServiceCollection services){
services.AddDbContext<ApplicationDbContext>(options => options.UseMySql(connetctionString));
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, CustomUserClaimsPrincipalFactory>();
services.AddMvc();
services.AddDistributedMemoryCache();
services.AddSession();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env){
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvc(routes => {...});
}
What am I missing?
PS. Yes, I logged ou and login.
PS. Yes the user is in the role admin
PS. the "admin" are correct in lowercase
PS. ApplicationDbContext inherits IdentityDbContext
Ps2. Here is my Data
SELECT id,username FROM aspnetusers;
|id | username |
|c4f7bf16... | [email protected] |
SELECT Id,Name FROM aspnetroles;
|Id | Name |
|50e2a572... | admin |
SELECT * FROM aspnetuserroles;
|UserId | RoleId |
|c4f7bf16... | 50e2a572...|
Upvotes: 8
Views: 3180
Answers (4)
Reputation: 15999
After a lot of mistakes I finally found what I was missing.
I was extending only UserClaimsPrincipalFactory<ApplicationUser>not UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>.
After correct extending the roles was able to be claimend.
public class MyUserClaimsPrincipalFactory : UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>
Upvotes: 2
Reputation: 7497
I have a feeling that this is because your Roles and your Claims are mixed up somewhere.
According to the docs the ClaimsPrincipal.IsInRole() method checks for Claims of type ClaimsIdentity.RoleClaimType.
It is possible to set a Claim of "admin" without it being of ClaimType ClaimsIdentity.RoleClaimType in which case it will fail authentication.
Upvotes: 3
Reputation: 30056
One more possible for your issue, please check whether your role name is admin.
For Authorize or User.IsInRole, it is case-sensitive, which means if your role name is Admin, it will fail for User.IsInRole("admin") or [Authorize(Roles = "admin")].
For one way to check whether it is admin, try await _userManager.IsInRoleAsync(user, "user") :
var user = await _userManager.FindByNameAsync(User.Identity.Name);
var r1 = User.IsInRole("User");
var r2 = User.IsInRole("user");
var r3 = await _userManager.IsInRoleAsync(user, "user");
You may try to define role as const to avoid case missmatch.
Upvotes: 1
Reputation: 33
identity server configured to return role in claims after authentication.you can check claim in the controller.
Like this
var claims = User.Claims.ToList();
Upvotes: 1
Related Questions
- ASP.NET Core Identity 2: User.IsInRole always returns false
- User.IsInRole return false
- .net core identity 2.1 role authorize not working
- ASP.NET Core 2.1: Razor Pages - role based authorisation not working
- authentication roles doesn't work .net core mvc
- Checking if a user is in a role in asp.net mvc Identity
- Checking roles with ASP:Net Identity 2.1 does not work
- User.IsInRole() always returns false only in controller
- Asp Core, check if user is in Role in Identity 1.1?
- User.IsInRole not working. How to check rolebased authorization?