damienbod / Blazor.BFF.OpenIDConnect.Template

Blazor.BFF.OpenIDConnect.Template, Blazor WASM hosted in ASP.NET Core using OpenID Connect BFF (server authentication)
https://www.nuget.org/packages/Blazor.BFF.OpenIDConnect.Template/
MIT License

Adding roles #49

Closed DreamDelerium closed 1 year ago

DreamDelerium commented 1 year ago

Hello. Thank you for this great template. Is it possible to add roles to the Authorization (or am I missing something in my code)? I have tried but I still get a 403 Forbidden Error. These are the changes I made:

Server Program.cs

builder.Services.AddDefaultIdentity<ApplicationUser>()
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>();

Server UserController.cs // hardcode the Admin role to test:

var claims = claimsPrincipal.FindAll(userInfo.NameClaimType)
    .Select(u => new ClaimValue(userInfo.NameClaimType, u.Value))
    .ToList();
claims.Add(new ClaimValue("role", "Administrator"));
userInfo.Claims = claims;

DirectApiController.cs

[ValidateAntiForgeryToken]
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
[ApiController]
[Authorize(Roles = "Administrator")]
[Route("api/[controller]")]
public class DirectApiController : ControllerBase
{
    [HttpGet]
    public IEnumerable<string> Get() => new List<string> { "some data", "more data", "loads of data" };
}

When this code runs, I can see that the "role" called "Administrator" gets added to the user. But, when the function SendAsync, in the AuthorizedHandler class is called, this function:

responseMessage = await base.SendAsync(request, cancellationToken);

will run and return a 403 Forbidden error. How can I add roles to this Blazor WASM Core hosted app? While the Authorize attribute doesn't seem to work on the Controller, it does seem to work on the Razor page attributes. Thanks!

DreamDelerium commented 1 year ago

I went and did a new deployment and I think the issue is not on the Server authorization but the Client. I kept it very simple. In the Server Program.cs file I added this to the AddOpenIdConnect method:

options.Events.OnTokenValidated = context =>
{
    // adds a hardcoded role claim to the first identity of the validated principal
    context.Principal?.Identities.FirstOrDefault()?.AddClaim(new Claim("role", "Administrator"));
    return Task.CompletedTask;
};

Then in my Controller, I added this Attribute: [Authorize(Roles="Administrator")] and this works fine. But, in the razor page, when I add either this:

<AuthorizeView Roles="Administrator">
</AuthorizeView>

or

@attribute [Authorize(Roles = "Administrator")]

The razor page will say it is not authorized to view the content. If I remove the Role requirement (and just have Authorize) it works fine. It doesn't seem like it recognizes the Role claims?

DreamDelerium commented 1 year ago

I realize the mistake was with me. I had to include the roles in the UserController.cs file
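
The resolution above (the server's user-info endpoint has to forward the role claims, otherwise the WASM client never sees them) as an added example. This is not the template's own code: the `UserInfo`/`ClaimValue` DTO shapes, the `HostAuthenticationStateProvider` name and the `api/User` route are assumptions modelled on the thread, and the role claim type is taken from the server-side `ClaimsIdentity` so it stays consistent with whatever `[Authorize(Roles = ...)]` already matches on the server.

```csharp
// Added example, not code from the Blazor.BFF.OpenIDConnect.Template project.
// Shows the BFF user-info endpoint forwarding role claims and the client-side
// AuthenticationStateProvider rebuilding a ClaimsPrincipal whose RoleClaimType
// matches them. Names below (UserInfo, ClaimValue, HostAuthenticationStateProvider,
// "api/User") are assumptions, not the template's identifiers.
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Json;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Mvc;

public record ClaimValue(string Type, string Value);

public class UserInfo
{
    public bool IsAuthenticated { get; init; }
    public string NameClaimType { get; init; } = ClaimTypes.Name;
    public string RoleClaimType { get; init; } = ClaimTypes.Role;
    public List<ClaimValue> Claims { get; init; } = new();
}

// ---- Server (BFF): only the claims listed here ever reach the browser ----
[ApiController]
[Route("api/[controller]")]
public class UserController : ControllerBase
{
    [HttpGet]
    [AllowAnonymous] // anonymous callers get IsAuthenticated = false, not a 401
    public UserInfo GetCurrentUser()
    {
        if (User.Identity is not ClaimsIdentity { IsAuthenticated: true } identity)
            return new UserInfo { IsAuthenticated = false };

        // Use the identity's own claim types so the DTO matches what the
        // server-side [Authorize(Roles = "...")] check already evaluates.
        var nameType = identity.NameClaimType;
        var roleType = identity.RoleClaimType;

        var claims = User.FindAll(nameType)
            .Select(c => new ClaimValue(nameType, c.Value))
            .ToList();

        // The fix from the thread: forward role claims as well. Without this the
        // client-side <AuthorizeView Roles=...> / @attribute [Authorize(Roles=...)]
        // has nothing to match, even though the server-side check passes.
        claims.AddRange(User.FindAll(roleType)
            .Select(c => new ClaimValue(roleType, c.Value)));

        return new UserInfo
        {
            IsAuthenticated = true,
            NameClaimType = nameType,
            RoleClaimType = roleType,
            Claims = claims,
        };
    }
}

// ---- Client (WASM): rebuild the principal from the DTO ----
public class HostAuthenticationStateProvider : AuthenticationStateProvider
{
    private readonly HttpClient _client;

    public HostAuthenticationStateProvider(HttpClient client) => _client = client;

    public override async Task<AuthenticationState> GetAuthenticationStateAsync()
    {
        var userInfo = await _client.GetFromJsonAsync<UserInfo>("api/User");
        if (userInfo is not { IsAuthenticated: true })
            return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));

        // roleType must equal the Type of the forwarded role claims; otherwise
        // IsInRole() and Roles="Administrator" never match although the claim
        // is present on the identity.
        var identity = new ClaimsIdentity(
            authenticationType: nameof(HostAuthenticationStateProvider),
            nameType: userInfo.NameClaimType,
            roleType: userInfo.RoleClaimType);
        identity.AddClaims(userInfo.Claims.Select(c => new Claim(c.Type, c.Value)));

        return new AuthenticationState(new ClaimsPrincipal(identity));
    }
}
```

The client-side role check is purely a UI convenience; the server must still enforce `[Authorize(Roles = ...)]` on every API the client calls, since anything the browser receives can be altered by the user.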

damienbod commented 1 year ago

@DreamDelerium cool, thanks for the feedback, glad you got it working, sorry I did not get around to answering, was a busy week so far

Greetings Damien