Reputation: 15999
I'm working on a legacy project with role-based authorization but I'm having some issues. User.IsInRole("admin") and [Authorize(Roles = "admin")] are always failing authorization. User.IsInRole() always returns False. I'm pretty sure that the user was properly added to the role:
Role name 'admin' is already taken.
User already in role 'admin'.
Maybe some services are influencing each other.
Here is my summarized startup.cs code:
public void ConfigureServices(IServiceCollection services){
    services.AddDbContext<ApplicationDbContext>(options => options.UseMySql(connetctionString));
    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();
    services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, CustomUserClaimsPrincipalFactory>();
    services.AddMvc();
    services.AddDistributedMemoryCache();
    services.AddSession();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env){
    app.UseStaticFiles();
    app.UseAuthentication();
    app.UseMvc(routes => {...});
}
What am I missing?
PS. Yes, I logged out and logged in.
PS. Yes, the user is in the role admin.
PS. The "admin" is correctly in lowercase.
PS. ApplicationDbContext inherits IdentityDbContext.
PS2. Here is my data:
SELECT id,username FROM aspnetusers;
|id | username |
|c4f7bf16... | [email protected] |
SELECT Id,Name FROM aspnetroles;
|Id | Name |
|50e2a572... | admin |
SELECT * FROM aspnetuserroles;
|UserId | RoleId |
|c4f7bf16... | 50e2a572...|
Upvotes: 8
Views: 3180
Reputation: 15999
After a lot of mistakes I finally found what I was missing.
I was extending only UserClaimsPrincipalFactory<ApplicationUser>, not UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>.
After extending it correctly, the roles were able to be claimed.
public class MyUserClaimsPrincipalFactory : UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>
Upvotes: 2
Reputation: 7497
I have a feeling that this is because your Roles and your Claims are mixed up somewhere.
According to the docs the ClaimsPrincipal.IsInRole() method checks for Claims of type ClaimsIdentity.RoleClaimType.
It is possible to set a Claim of "admin" without it being of ClaimType ClaimsIdentity.RoleClaimType, in which case it will fail authentication.
Upvotes: 3
Reputation: 30056
One more possibility for your issue: please check whether your role name is admin.
For Authorize or User.IsInRole, it is case-sensitive, which means if your role name is Admin, it will fail for User.IsInRole("admin") or [Authorize(Roles = "admin")].
For one way to check whether it is admin, try await _userManager.IsInRoleAsync(user, "user"):
var user = await _userManager.FindByNameAsync(User.Identity.Name);
var r1 = User.IsInRole("User");
var r2 = User.IsInRole("user");
var r3 = await _userManager.IsInRoleAsync(user, "user");
You may try to define role as const to avoid case mismatch.
Upvotes: 1
Reputation: 33
Identity server is configured to return the role in claims after authentication. You can check the claims in the controller.
Like this:
var claims = User.Claims.ToList();
Upvotes: 1
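Added example, not part of any answer above: a small diagnostic that separates the three causes discussed in this thread (no role claims on the principal, a role value stored under the wrong claim type, and a case mismatch). It uses only System.Security.Claims; RoleDiagnostics, Explain, Make and the sample principals are hypothetical names and constructed data.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class RoleDiagnostics
{
    // Hypothetical helper: explains the result of user.IsInRole(role).
    public static string Explain(ClaimsPrincipal user, string role)
    {
        if (user.IsInRole(role)) return "ok";

        foreach (var id in user.Identities)
        {
            // IsInRole compares the claim value ordinally, so "Admin" != "admin".
            if (id.FindAll(id.RoleClaimType).Any(c =>
                    string.Equals(c.Value, role, StringComparison.OrdinalIgnoreCase)))
                return "case mismatch in role name";

            // The value exists, but under a claim type IsInRole does not read.
            var stray = id.Claims.FirstOrDefault(c =>
                string.Equals(c.Value, role, StringComparison.OrdinalIgnoreCase));
            if (stray != null)
                return $"claim type is '{stray.Type}', expected '{id.RoleClaimType}'";
        }
        // What a principal factory that never loads roles produces.
        return "no role claims on the principal";
    }
}

public static class Program
{
    // Constructed principals; "Constructed" is only an authentication type label.
    static ClaimsPrincipal Make(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "Constructed"));

    public static void Main()
    {
        const string role = "admin";
        var name = new Claim(ClaimTypes.Name, "alice");
        var cases = new[]
        {
            Make(name),                                       // roles never added
            Make(name, new Claim("role", "admin")),           // wrong claim type
            Make(name, new Claim(ClaimTypes.Role, "Admin")),  // wrong casing
            Make(name, new Claim(ClaimTypes.Role, "admin"))   // correct
        };
        foreach (var user in cases)
            Console.WriteLine($"{user.IsInRole(role),-5} {RoleDiagnostics.Explain(user, role)}");
    }
}
```

In a controller the same Explain call can be made on User, which shows whether the claims principal factory or the stored role name is the part to fix.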