search

JonPSmith / AuthPermissions.AspNetCore

This library provides extra authorization and multi-tenant features to an ASP.NET Core application.
https://www.thereformedprogrammer.net/finally-a-library-that-improves-role-authorization-in-asp-net-core/
MIT License
798 stars 160 forks source link

HasPermission Attribute #119

Open jimiscott opened 1 month ago

jimiscott commented 1 month ago

We have a .net 7 WebAPI project, and the HasPermission is reporting the following error.

System.InvalidOperationException: The AuthorizationPolicy named: 'InvoiceRead' was not found.
   at Microsoft.AspNetCore.Authorization.AuthorizationPolicy.CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable`1 authorizeData, IEnumerable`1 policies)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
Yarp.ReverseProxy.Forwarder.HttpForwarder: Information: Received HTTP/2.0 response 500.

The User.HasPermission (extension method) on the same controller works as expected.

We think this may be related to DI. We have have tried stepping through the code and the AuthPermission tests have not turned up anything. What specifically wires up the HasPermission attribute (OR am I looking at the wrong thing completely)?

JonPSmith commented 1 month ago

Hi @jimiscott,

Your problem is that the permissions doesn't have the Permission called InvoiceRead. There could be a number ways that that a specific Permission might not work. Here are the most likely the problem.

If either of the two suggestions don't work, then have a look at the Example2 example in the AuthP code to see what it does. It very simple and might point out something you missed.