JonPSmith / AuthPermissions.AspNetCore

This library provides extra authorization and multi-tenant features to an ASP.NET Core application.
https://www.thereformedprogrammer.net/finally-a-library-that-improves-role-authorization-in-asp-net-core/
MIT License

API using AuthP and AzureAd Token #84

Closed Luis-G closed 1 year ago

Luis-G commented 1 year ago

Hello.

I hope I can properly explain the issue I am having.

I am currently working on a project (.NET 7), and I am using Azure AD for the first time and your library also for the first time. One of the requirements is the usage of MariaDB; that was the easy part thanks to the flexibility of your library, at least the creation of the DB and the tables. AddRolesPermissionsIfEmpty, AddTenantsIfEmpty and AddAuthUsersIfEmpty all work.

The issue is that I keep getting 403 in Postman, and the console shows `Authorization failed. These requirements were not met: AuthPermissions.AspNetCore.PolicyCode.PermissionRequirement` and `[14:23:33 INF] AuthenticationScheme: Bearer was forbidden.` when I try `[HasPermission]`, but `[Authorize]` works OK.

I tried following your Example 5, but in my case I use AddMicrosoftIdentityWebApiAuthentication; if I use AddMicrosoftIdentityWebAppAuthentication, Postman returns an HTML page.

I tried using

```csharp
webBuilder.Services.RegisterAuthPermissions(opt =>
    {
        opt.TenantType = TenantTypes.SingleLevel;
    })
    .AzureAdAuthentication(AzureAdEventSettings.AzureAdDefaultSettings(JwtBearerDefaults.AuthenticationScheme))
    .UsingEfCoreMariaDb("connection")
    .AddRolesPermissionsIfEmpty(ApiAuthSetupData.RolesDefinition)
    .AddTenantsIfEmpty(ApiAuthSetupData.TenantDefinition)
    .AddAuthUsersIfEmpty(ApiAuthSetupData.UsersRolesDefinition)
    .RegisterAuthenticationProviderReader()
    .SetupAspNetCoreAndDatabase();
```

and

```csharp
webBuilder.Services
    .RegisterAuthPermissions(opt =>
    {
        opt.TenantType = TenantTypes.SingleLevel;
        opt.ConfigureAuthPJwtToken = new AuthPJwtConfiguration
        {
            Issuer = jwtData.Issuer,
            Audience = jwtData.Audience,
            SigningKey = jwtData.SigningKey,
            TokenExpires = new TimeSpan(0, 5, 0),          // Quick token expiration because we use a refresh token
            RefreshTokenExpires = new TimeSpan(1, 0, 0, 0) // Refresh token is valid for one day
        };
    })
    .AzureAdAuthentication(AzureAdEventSettings.AzureAdDefaultSettings(JwtBearerDefaults.AuthenticationScheme))
    .UsingEfCoreMariaDb("connection")
    .AddRolesPermissionsIfEmpty(ApiAuthSetupData.RolesDefinition)
    .AddTenantsIfEmpty(ApiAuthSetupData.TenantDefinition)
    .AddAuthUsersIfEmpty(ApiAuthSetupData.UsersRolesDefinition)
    .RegisterAuthenticationProviderReader()
    .SetupAspNetCoreAndDatabase();
```

Not sure what I am missing; I hope you can point me in the right direction.

Thank you.
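The log lines in the post say that the bearer token was accepted (authentication succeeded) but AuthP's PermissionRequirement was not satisfied, which is why `[Authorize]` passes and `[HasPermission]` returns 403. The quickest way to confirm that diagnosis is to look at what claims the authenticated principal actually carries. The endpoint below is an added diagnostic, not code from this issue or from the AuthPermissions library. It assumes an ASP.NET Core 7 minimal-API host that has already run the AuthP registration chain shown above, and it assumes that AuthP packs a user's permissions into one claim whose type is `"Permissions"` (taken from AuthP's `PermissionConstants.PackedPermissionClaimType`; verify the name in the version you use). The class name, route and `MapClaimsDiagnostics` extension are choices made for this example.

```csharp
// Added diagnostic example, not part of the issue or of AuthPermissions.AspNetCore.
// Assumes: ASP.NET Core 7 minimal API, AuthP already registered, and that AuthP
// places the user's permissions in a single claim of type "Permissions".
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;

public static class ClaimsDiagnostics
{
    // Assumption: matches PermissionConstants.PackedPermissionClaimType in AuthP.
    private const string PackedPermissionClaimType = "Permissions";

    // Registers GET /diag/claims. Only authentication is required, so a valid
    // bearer token always reaches the handler even when AuthP has not enriched
    // the principal; that is exactly the state we want to be able to inspect.
    public static IEndpointRouteBuilder MapClaimsDiagnostics(this IEndpointRouteBuilder endpoints)
    {
        endpoints.MapGet("/diag/claims", (ClaimsPrincipal user) =>
        {
            // Claim types only: token claims can carry personal data, and the
            // types are enough to see whether AuthP's enrichment ran.
            var claimTypes = user.Claims
                .Select(c => c.Type)
                .Distinct()
                .OrderBy(t => t)
                .ToList();

            var packed = user.FindFirst(PackedPermissionClaimType)?.Value;

            return Results.Ok(new
            {
                AuthenticationType = user.Identity?.AuthenticationType,
                IsAuthenticated = user.Identity?.IsAuthenticated ?? false,
                // false here means AuthP did not add its permissions claim for
                // this token: [Authorize] will pass, [HasPermission] will 403.
                HasPackedPermissionClaim = !string.IsNullOrEmpty(packed),
                PackedPermissionClaimLength = packed?.Length ?? 0,
                ClaimTypes = claimTypes
            });
        })
        .RequireAuthorization();

        return endpoints;
    }
}
```

Call `app.MapClaimsDiagnostics()` after `UseAuthentication()` and `UseAuthorization()` and hit the route with the same Postman token that fails on a `[HasPermission]` endpoint. If `HasPackedPermissionClaim` is false, the bearer handler validated the Azure AD token but AuthP's claim-adding hook never ran for that scheme, which points at the authentication wiring rather than at role or permission data in MariaDB. Register the endpoint only in the Development environment, since it reveals the shape of the principal to any authenticated caller.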

Luis-G commented 1 year ago

Hi. Just to let you know that I managed to get it working. I had to override SetupOpenAzureAdOpenId. Thank you anyway. Keep up the good work.