i working on claim base authentication , working fine. want add role autorization. have role claim user (eg. "admin")
when isinrole() method called, there check made see if current user has role. in claims-aware applications, role expressed role claim type should available in token. role claim type expressed using following uri: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
//include claims //claims list<claim> claims var id = new claimsidentity(claims, "cookies"); request.getowincontext().authentication.signin(id); if check if user in role false. although have role claim "admin" value
user.isinrole("admin"); also authorize attrubute on api not work
[authorize (roles = "admin")] i misih logic how make roles visible user. not enough have roles in list of claims?
probably, claimtype of claim "role".
you should create claim using microsoft schema:
manager.addclaim(dn1.id, claim: new claim(claimtypes.role.tostring(), "administrator")); then user.isinrole("admin"); , [authorize (roles = "admin")]will work properly.
this because microsoft identity uses schema:
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
when role checking. suggest check aspnetidentity database have complete view of how che claim inserted. i'm pretty sure claimtype of aspnetuserclaims not microsoft schema.
regards
Comments
Post a Comment