Daniel Santos

Reputation: 15999

ASP.NET Core 2.0 unable to check if user is in role properly in Razor view or controller [authorize] annotation

I'm working on a legacy project with role-based authorization, but I'm having some issues. User.IsInRole("admin") and [Authorize(Roles = "admin")] always fail authorization. User.IsInRole() always returns False. I'm pretty sure that the user was properly added to the role. Role name 'admin' is already taken. User already in role 'admin'.

Maybe some services are influencing one another.

Here is my abridged startup.cs code:

public void ConfigureServices(IServiceCollection services){

    services.AddDbContext<ApplicationDbContext>(options => options.UseMySql(connetctionString));

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, CustomUserClaimsPrincipalFactory>();
    services.AddMvc();
    services.AddDistributedMemoryCache();
    services.AddSession();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env){
    app.UseStaticFiles();
    app.UseAuthentication();
    app.UseMvc(routes => {...});
}

What am I missing?

PS. Yes, I logged out and logged in.

PS. Yes, the user is in the role admin.

PS. The "admin" is correctly in lowercase.

PS. ApplicationDbContext inherits IdentityDbContext.

PS2. Here is my data:

SELECT id,username FROM aspnetusers;

|id          | username        |
|c4f7bf16... | [email protected] |

SELECT Id,Name FROM aspnetroles;

|Id          | Name  |
|50e2a572... | admin |

SELECT * FROM aspnetuserroles;

|UserId      | RoleId     |
|c4f7bf16... | 50e2a572...|

Upvotes: 8

Views: 3180

Answers (4)

Daniel Santos

Reputation: 15999

After a lot of mistakes I finally found what I was missing.

I was extending only UserClaimsPrincipalFactory<ApplicationUser>, not UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>.

After extending it correctly, the roles were able to be claimed.

public class MyUserClaimsPrincipalFactory : UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>

Upvotes: 2
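The fix described in this answer, written out as an added example (not code from the answer or from the ASP.NET Core project). The stand-in `ApplicationUser`, the `display_name` claim and the `RoleClaimDiagnostics` helper are assumptions for illustration; the helper returns the values that `User.IsInRole()` compares against.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

// Stand-in for the question's user type (assumption).
public class ApplicationUser : IdentityUser { }

// Deriving from the two-parameter base keeps role claims in the principal.
// Deriving from UserClaimsPrincipalFactory<ApplicationUser> alone omits them,
// so IsInRole() and [Authorize(Roles = ...)] find nothing to match.
public class CustomUserClaimsPrincipalFactory
    : UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>
{
    public CustomUserClaimsPrincipalFactory(
        UserManager<ApplicationUser> userManager,
        RoleManager<IdentityRole> roleManager,
        IOptions<IdentityOptions> options)
        : base(userManager, roleManager, options) { }

    protected override async Task<ClaimsIdentity> GenerateClaimsAsync(ApplicationUser user)
    {
        // base adds one claim of type Options.ClaimsIdentity.RoleClaimType per role.
        var identity = await base.GenerateClaimsAsync(user);

        // Hypothetical custom claim; add application-specific claims after the base call.
        identity.AddClaim(new Claim("display_name", user.UserName ?? string.Empty));
        return identity;
    }
}

public static class RoleClaimDiagnostics
{
    // Collects, per identity, the claims whose type equals that identity's
    // RoleClaimType. An empty result for a user who has rows in aspnetuserroles
    // means the factory never emitted the role claims.
    public static IReadOnlyList<string> RoleValues(ClaimsPrincipal principal) =>
        principal.Identities
            .SelectMany(i => i.FindAll(i.RoleClaimType))
            .Select(c => c.Value)
            .ToList();
}
```

The `services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, CustomUserClaimsPrincipalFactory>()` line from the question stays as it is; only the base class changes.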

ste-fu

Reputation: 7497

I have a feeling that this is because your Roles and your Claims are mixed up somewhere.

According to the docs the ClaimsPrincipal.IsInRole() method checks for Claims of type ClaimsIdentity.RoleClaimType.

It is possible to set a Claim of "admin" without it being of ClaimType ClaimsIdentity.RoleClaimType in which case it will fail authentication.

Upvotes: 3

Edward

Reputation: 30056

One more possibility for your issue: please check whether your role name is admin.

For Authorize or User.IsInRole, it is case-sensitive, which means if your role name is Admin, it will fail for User.IsInRole("admin") or [Authorize(Roles = "admin")].

For one way to check whether it is admin, try await _userManager.IsInRoleAsync(user, "user"):

        var user = await _userManager.FindByNameAsync(User.Identity.Name);

        var r1 = User.IsInRole("User");
        var r2 = User.IsInRole("user");
        var r3 = await _userManager.IsInRoleAsync(user, "user");

You may try to define the role as a const to avoid a case mismatch.

Upvotes: 1

Munendra Kumar

Reputation: 33

Identity server configured to return role in claims after authentication. You can check claim in the controller.

Like this:

var claims = User.Claims.ToList();

Upvotes: 1
