tibold / IdentityServer4.Contrib.AspNetIdentity

Apache License 2.0

Access to Roles and Claims #1

Open killermouse opened 8 years ago

killermouse commented 8 years ago

Hi, in an MVC application, how do I get access to roles and claims? To use like [Authorize(Roles = "Admin")].

Best regards

tibold commented 8 years ago

I have updated the sample project to use the correct claims for username and roles: 9dd751c

When this works you can refer to the ASP.NET 5 docs on authorization to use either role based or claim based authorization.

killermouse commented 8 years ago

Thank you @tibold, but I still fail to realize how to use the roles obtained from the IdentityServer application, and use them in the MVC application! I created a role in aspNetRoles and related it to a user in the table aspNetUserRoles. How do I get access to this role in the MVC application after authentication in IdentityServer?

killermouse commented 8 years ago

OK, I can already use the role that I created. I created a new scope: new Scope { Enabled = true, Name = "roles", DisplayName = "Roles", Description = "Roles Scope", Type = ScopeType.Identity, Claims = new List<ScopeClaim> { new ScopeClaim("role") } }

and then in MVC applications: oidcOptions.Scope.Add("roles");

But if I have two or more roles defined for the user, the roles don't work! Any idea?

tibold commented 8 years ago

Yes, you are correct. You need to have a scope defined in IdentityServer that has a "role" claim assigned, and the client must ask for that scope. In case you use the AllowedScope list on the clients, that needs updating as well. I'll update the sample to include those.

You may also use the built-in scope from IdentityServer4: IdentityServer4.Core.Models.StandardScopes.Roles

killermouse commented 8 years ago

Yes.

But there is a problem! If I have two or more roles defined for the user, the roles don't work!! If I only have one role defined, it works! Do you know the problem?

tibold commented 8 years ago

I'll make a test case when I get home and let you know.

killermouse commented 8 years ago

I inserted the following line in the scopes: StandardScopes.AllClaims,

In the clients, the following line: StandardScopes.AllClaims.Name

In the MVC startup.cs: oidcOptions.Scope.Add("all_claims");

And now the roles are working!

elfarouqy commented 7 years ago

Hello Killermouse, can you send some example of how you get the role in the MVC application? Because I have the same problem as you.
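Added example, not code from this thread or from the project: [Authorize(Roles = "Admin")] is evaluated through ClaimsPrincipal.IsInRole, which only reads claims whose type matches the identity's RoleClaimType, and a token payload carries one "role" as a JSON string but several as a JSON array. The sketch below uses only the .NET base class library; the payloads, the "oidc" authentication type and the RoleClaimDemo class are constructed for illustration, and the "role" and "name" claim types are assumed to be what the server issues.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

static class RoleClaimDemo
{
    // Convert a decoded token payload into a principal. A multi-valued claim
    // arrives as a JSON array, so emit one Claim per array element.
    public static ClaimsPrincipal ToPrincipal(string payloadJson, string roleType)
    {
        var claims = new List<Claim>();
        using var doc = JsonDocument.Parse(payloadJson);
        foreach (var prop in doc.RootElement.EnumerateObject())
        {
            if (prop.Value.ValueKind == JsonValueKind.Array)
                claims.AddRange(prop.Value.EnumerateArray()
                    .Select(v => new Claim(prop.Name, v.ToString())));
            else
                claims.Add(new Claim(prop.Name, prop.Value.ToString()));
        }
        // roleType tells IsInRole which claim type holds the roles.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "oidc", "name", roleType));
    }

    public static void Main()
    {
        // Constructed sample payloads: one role as a string, two roles as an array.
        string one = "{\"sub\":\"1\",\"name\":\"alice\",\"role\":\"Admin\"}";
        string two = "{\"sub\":\"2\",\"name\":\"bob\",\"role\":[\"Admin\",\"Editor\"]}";

        // Role claim type matches the claim in the token: both shapes authorize.
        Console.WriteLine(ToPrincipal(one, "role").IsInRole("Admin"));
        Console.WriteLine(ToPrincipal(two, "role").IsInRole("Editor"));

        // Role claim type left at the framework default (ClaimTypes.Role):
        // the "role" claims are present but IsInRole does not see them.
        Console.WriteLine(ToPrincipal(two, ClaimTypes.Role).IsInRole("Admin"));

        // Array kept as one claim value instead of one claim per role:
        // no single claim equals "Admin", so the role check fails.
        var flat = new ClaimsIdentity(
            new[] { new Claim("role", "[\"Admin\",\"Editor\"]") }, "oidc", "name", "role");
        Console.WriteLine(new ClaimsPrincipal(flat).IsInRole("Admin"));
    }
}
```

Dumping User.Claims in the MVC application after sign-in shows which of these shapes the application actually receives.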