Home > Net >  ASP.Net Core 6 - Authorize Roles not working
ASP.Net Core 6 - Authorize Roles not working

Time:02-02

I have read through countless tutorials, articles and questions.

I cannot figure out why [Authorize(Roles = "SuperAdmin")] or any other role is not working. Everyone gets 403 regardless of the role specified:

//[Authorize(Roles = "SuperAdmin")] - Commented out to debug roles
public async Task<IActionResult> Index()
{
    var userID = User.FindFirstValue(ClaimTypes.NameIdentifier);
    var user = await _userManager.FindByIdAsync(userID);
    var roles = await _userManager.GetRolesAsync(user);

    return View();
}

When I debug the user, I can see that they have the role: enter image description here

But they still get a 403 on any controller that authorizes roles.

Here are the relevant bits of my program.cs:

builder.Services.AddIdentity<TMSUser, IdentityRole>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddClaimsPrincipalFactory<MyUserClaimsPrincipalFactory>()
    .AddRoleManager<RoleManager<IdentityRole>>()
    .AddTokenProvider<DataProtectorTokenProvider<TMSUser>>(TokenOptions.DefaultProvider);

builder.Services.ConfigureApplicationCookie(options =>
{
    options.AccessDeniedPath = new PathString("/Home/HandleError/401");
    options.LoginPath = new PathString("/Home/Portal");
});

builder.Services.AddAutoMapper(typeof(Program));
builder.Services.AddControllersWithViews();

builder.Services.AddDatabaseDeveloperPageExceptionFilter();
builder.Services.AddControllers().AddNewtonsoftJson(options =>
{
    options.SerializerSettings.ContractResolver = new DefaultContractResolver();
});

builder.Services.AddTransient<IEmailSender, EmailSender>();
builder.Services.AddTransient<ITools, Tools>();

builder.Services.Configure<AuthMessageSenderOptions>(builder.Configuration);

builder.Services.AddMvc(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
});

var app = builder.Build();

app.UseStatusCodePagesWithReExecute("/Home/HandleError/{0}");
app.UseHsts();

using (var scope = app.Services.CreateScope())
{
    var services = scope.ServiceProvider;

    var context = services.GetRequiredService<TMSContext>();
    context.Database.EnsureCreated();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

app.MapRazorPages();

app.Run();

I have changed my code countless times over the last few months trying to get this to work, but now I'm just begging for help. This is very frustrating! What have I missed? Could something else in my code be preventing this from working properly?

Thank you!

CodePudding user response:

check what you are getting with User.FindAll(ClaimTypes.Role).ToList()

after that check "SuperAdmin" coming in list or not?, if your issue not resolved than post your GetRolesAsync function.

CodePudding user response:

its seems like you have to add the services.AddDefaultIdentity<TMSUser>()

so the complete code would look like

services.AddDefaultIdentity<ApplicationUser>()
                .AddRoles<IdentityRole>()
                .AddEntityFrameworkStores<ICMSDbContext>()
                .AddClaimsPrincipalFactory<CustomClaimsPrincipalFactory>();

Page link:https//www.codepudding.com/net/689990.html

Prev:Sort List by Object type property using extension method - Asp.Net Core 6
Next:How do I reference a Blazor WASM project to another Blazor WASM?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding