Hossein Fallah
Reputation: 2539
How to add a policy for role in ASP.NET Core for JWT?
I know that I can add a policy for my JWT custom claim this way:
services.AddAuthorization(options =>
{
options.AddPolicy("HasRole", policy => policy.RequireClaim("role", "Teacher"));
});
However, my JWT token has an array of roles:
// parsed jwt token
{
...,
roles: ['Teacher', 'Parent', 'Admin']
...
}
And I don't know how to rewrite the above code:
services.AddAuthorization(options =>
{
options.AddPolicy("IsTeacher",
policy => policy.RequireClaim("roles", /*what should I write here*/));
});
How can I require an item of an array in RequireClaim?
Upvotes: 1
Views: 5997
Answers (1)
Michael
Reputation: 1276
You can set your policies according to your roles with RequireRole():
services.AddAuthorization(o =>
{
// Teacher or admin can access.
o.AddPolicy("RequireTeacherRole", p => p.RequireRole("teacher", "admin"));
// Only admin can access.
o.AddPolicy("RequireAdminRole", p => p.RequireRole("admin"));
});
Now you can protect your MVC/API controllers or razor pages
[Authorize(Policy = "RequireTeacherRole")]
public class MyController : Controller
{
// ...
}
Upvotes: 2
Related Questions
- How to add Policy and Role in JwtSecurityTokenHandler in asp.net CORE
- Set up JWT Policies with Claims in .NET Core 3.1?
- JWT authorization with roles in Identity Core
- ASP.NET Core JWTAuthentication and Authorize Role Claims
- ASP.NET Core Jwt 401 Unauthorized. Policy auth
- How do I make and use JWT role based authentication?
- Set Authorization Policy from roles stored in JWT
- JWT Authentication by role claims in ASP.NET core Identity
- Jwt Role authentication in controller ASP.net core 2.1
- Custom policy auth in ASPNET Core 2 (jwt auth)