cornflourblue / aspnet-core-3-signup-verification-api

ASP.NET Core 3.1 - Boilerplate API with Email Sign Up, Verification, Authentication & Forgot Password
https://jasonwatmore.com/post/2020/07/06/aspnet-core-3-boilerplate-api-with-email-sign-up-verification-authentication-forgot-password
MIT License
226 stars 93 forks

Roles doesn't seem to work. Should AuthorizeAttribute (custom Attribute) be used? #14

Open jaybo opened 3 years ago

jaybo commented 3 years ago

I'm finding that any API which uses:

        [Authorize(Role.Admin)]

never gets called, due to Authorization failure even for Admin defined users. I'm guessing this is because there is a class called AuthorizeAttribute which is located in the Helpers folder but is never invoked. So, for GetAll() in AccountsController.cs I tried replacing:

        [Authorize(Role.Admin)]
        [HttpGet]
        public ActionResult<IEnumerable<AccountResponse>> GetAll()

with:

        [AuthorizeAttribute(Role.Admin)]   // NOTE CHANGE TO AuthorizeAttribute
        [HttpGet]
        public ActionResult<IEnumerable<AccountResponse>> GetAll()

So now, the custom AuthorizeAttribute does get called, but Authorization still fails since the account isn't yet inserted into the HttpContext, so the role can't be confirmed.

How was this ever supposed to work?

Dikachi-Dev commented 3 years ago

Having the same problem

I checked my database and noticed that Role is set as an Integer, so when a user is created, instead of registering the role as either Admin or User, it sets it as 0 or 1.

I think that's because Enum by default registers its values as Int.

Still trying to find a workaround though.
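
A role-check filter that separates the two failure cases raised in this thread, as an added example (not code from the repository or from either commenter): it answers 401 when no account was attached to `HttpContext.Items` and 403 when an account is present but its role is outside the allowed list. The names `RequireRoleAttribute`, `Account` and the `"Account"` items key are assumptions; the `Role` members follow the thread.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Declaration order fixes the underlying integers: Admin = 0, User = 1.
// EF Core persists an enum as that integer by default, so a 0 or 1 in the
// database maps back to these members when the row is loaded.
public enum Role { Admin, User }

// Hypothetical account shape; only the role matters for this check.
public class Account { public int Id { get; set; } public Role Role { get; set; } }

// Hypothetical attribute name, chosen so it cannot be confused with
// Microsoft.AspNetCore.Authorization.AuthorizeAttribute.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class RequireRoleAttribute : Attribute, IAuthorizationFilter
{
    // Assumed key: token-validation middleware must store the account under
    // this key before MVC filters run, otherwise every request gets 401.
    public const string ItemsKey = "Account";
    private readonly Role[] _roles;

    public RequireRoleAttribute(params Role[] roles) =>
        _roles = roles ?? Array.Empty<Role>();

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        context.HttpContext.Items.TryGetValue(ItemsKey, out var value);

        // Case 1: nothing attached (middleware missing, or token rejected).
        if (!(value is Account account))
        {
            context.Result = new JsonResult(new { message = "No account on request" })
                { StatusCode = StatusCodes.Status401Unauthorized };
            return;
        }

        // Case 2: account attached, but its role is not in the allowed list.
        if (_roles.Any() && !_roles.Contains(account.Role))
        {
            context.Result = new JsonResult(new { message = $"Role {account.Role} not allowed" })
                { StatusCode = StatusCodes.Status403Forbidden };
        }
    }
}
```

Applied as `[RequireRole(Role.Admin)]`, a 401 points at the step that populates `HttpContext.Items`, while a 403 points at the role stored for the account.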