Mr Coder

Reputation: 847

Create ClaimsIdentityOptions for role SecurityStamp in asp.net core 3.0

I need to check RoleSecurityStamp in .net core authentication based on JWT.

I have populated the token claims like this:

public IEnumerable<Claim> CustomClaims(LoginResult user)
{
    // Both stamps are given the same claim type here (ClaimsIdentityOptions.SecurityStampClaimType)
    var securityStampClaimType = new ClaimsIdentityOptions().SecurityStampClaimType;
    var rolesecurityStampClaimType = new ClaimsIdentityOptions().SecurityStampClaimType;

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, user.Username),
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
        new Claim(securityStampClaimType, user.UserSecurityStamp.ToString()),
        new Claim(rolesecurityStampClaimType, user.RoleSecurityStamp.ToString())
    };
    return claims;
}

I need to check it in OnTokenValidated:

OnTokenValidated = async context =>
{
    var userService = context.HttpContext.RequestServices.GetRequiredService<IUseServiceDapper>();
    var claimsIdentity = context.Principal.Identity as ClaimsIdentity;

    // Guid is a value type, so a "== null" check after Guid.Parse can never fire and
    // Guid.Parse throws on a missing claim; TryParse reports a missing or malformed
    // stamp so the token can be failed instead.
    if (!Guid.TryParse(claimsIdentity?.FindFirstValue(new ClaimsIdentityOptions().SecurityStampClaimType), out var securityStamp))
    {
        context.Fail("Token Has No SecurityStamp");
        return;
    }

    var userId = claimsIdentity.GetUserId<int>();
    var userSecurityInfo = await userService.UserSecurityInfo(userId);

    //if (claimsIdentity.Claims?.Any() != true)
    //    context.Fail("Token Has No Claim");

    if (userSecurityInfo.Result.IsActive == false)
    {
        context.Fail("User Not Active");
        return;
    }

    if (userSecurityInfo.Result.UserSecurityStamp != securityStamp)
        context.Fail("Security Stamp Not Matched");
},

I have found the UserSecurityStamp by using the following code:

var securityStamp = Guid.Parse(claimsIdentity.FindFirstValue(new ClaimsIdentityOptions().SecurityStampClaimType));

but I cannot find the RoleSecurityStamp.

How can I find the role security stamp and check it?

Upvotes: 2

Views: 1535

Answers (1)

KiKoS

Reputation: 438

You are giving the same claim type to both your UserSecurityStamp and RoleSecurityStamp, which is

ClaimsIdentityOptions().SecurityStampClaimType;

which basically defaults to "AspNet.Identity.SecurityStamp", so to be able to find your RoleSecurityStamp you need to give it a different claim type and FindFirstValue on that type instead, or you can try FindAll(), which will return a list that contains both the UserSecurityStamp and the RoleSecurityStamp.

Edit:

Same claim type example:

// Index order follows the order in which the claims were added in CustomClaims
var securityStampsList = claimsIdentity.FindAll(new ClaimsIdentityOptions().SecurityStampClaimType).ToList();
var securityStamp = Guid.Parse(securityStampsList[0].Value);
var roleSecurityStamp = Guid.Parse(securityStampsList[1].Value);

Upvotes: 2
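An added example (not code from the question or the answer) of the distinct-claim-type approach the answer recommends: the role stamp gets its own claim type so each stamp is looked up by name, and the check fails closed on a missing or malformed stamp instead of throwing. `RoleStampType`, `SecurityStampClaims` and the `Check` signature are assumed names; the current stamps would come from the caller's user store.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;

public static class SecurityStampClaims
{
    // Identity's default user stamp type ("AspNet.Identity.SecurityStamp").
    public static readonly string UserStampType = new ClaimsIdentityOptions().SecurityStampClaimType;
    // Assumed name for the role stamp; any value distinct from UserStampType works.
    public const string RoleStampType = "AspNet.Identity.RoleSecurityStamp";

    public static IEnumerable<Claim> Build(int userId, Guid userStamp, Guid roleStamp) => new[]
    {
        new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
        new Claim(UserStampType, userStamp.ToString()),
        new Claim(RoleStampType, roleStamp.ToString()),
    };

    // Returns null when the claim is absent or not a GUID, so the caller can
    // fail the token instead of letting Guid.Parse throw inside OnTokenValidated.
    public static Guid? ReadStamp(ClaimsPrincipal principal, string claimType)
    {
        var value = principal.FindFirst(claimType)?.Value;
        return Guid.TryParse(value, out var stamp) ? stamp : (Guid?)null;
    }

    // Compares both stamps in the token against the current values from the store.
    // Returns a failure reason, or null when the token is still valid.
    public static string Check(ClaimsPrincipal principal, bool isActive, Guid currentUserStamp, Guid currentRoleStamp)
    {
        var userStamp = ReadStamp(principal, UserStampType);
        var roleStamp = ReadStamp(principal, RoleStampType);
        if (userStamp is null) return "Token Has No SecurityStamp";
        if (roleStamp is null) return "Token Has No RoleSecurityStamp";
        if (!isActive) return "User Not Active";
        if (userStamp.Value != currentUserStamp) return "Security Stamp Not Matched";
        if (roleStamp.Value != currentRoleStamp) return "Role Security Stamp Not Matched";
        return null;
    }
}

// Inside OnTokenValidated, after loading the user's current stamps (names assumed):
//   var reason = SecurityStampClaims.Check(context.Principal, info.IsActive, info.UserSecurityStamp, info.RoleSecurityStamp);
//   if (reason != null) context.Fail(reason);
```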
