IMPORTANT!
This forum is now archived. Click here for the New Support Forum
Problem with the authentication
Quote from Ingo on April 3, 2018, 3:03 pm
Hi,
I've created an additional role, and now I want only one user with that role to get access to the API. So far I have added the following code.
```csharp
public static class ApplicationPermissions
{
    public static ApplicationPermission EmployeeRoles = new ApplicationPermission("Employee Roles", "employee.view", RolesPermissionGroupName, "Permission for employees");
}
```
The role exists in the database and can be assigned to the user. So far, everything is OK.
In the Policies source I added:
```csharp
public class Policies
{
    public const string Employee = "Employee";
}
```
I created this class in the Authorization directory:
```csharp
public class EmployeeRoleAuthorizationRequirement : IAuthorizationRequirement
{
    public class EmployeeAuthorizationHandler : AuthorizationHandler<EmployeeRoleAuthorizationRequirement, string>
    {
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EmployeeRoleAuthorizationRequirement requirement, string roleName)
        {
            if (context.User == null)
                return Task.CompletedTask;

            if (context.User.HasClaim(ClaimConstants.Permission, ApplicationPermissions.EmployeeRoles) || context.User.IsInRole(roleName))
                context.Succeed(requirement);

            return Task.CompletedTask;
        }
    }
}
```
and added this to the startup:
```csharp
services.AddAuthorization(options =>
    options.AddPolicy(Authorization.Policies.Employee, policy =>
        policy.Requirements.Add(new EmployeeRoleAuthorizationRequirement())));
```
In the controller:
```csharp
[Authorize(AuthenticationSchemes = IdentityServerAuthenticationDefaults.AuthenticationScheme)]
[Route("api/[controller]")]
public class BankController : Controller
{
    [HttpGet("banks")]
    [Produces(typeof(List<BankViewModel>))]
    [Authorize(Policies.Employee)]
    public IActionResult GetBanks()
    {
    }
}
```
When the client accesses the API, I get the error: Cannot Get Access Denied
I set a breakpoint in the EmployeeRoleAuthorizationRequirement source, but HandleRequirementAsync is not called. What am I doing wrong?
Quote from Al Ve on April 5, 2018, 11:02 am
Have you added to the startup class
```csharp
services.AddSingleton<IAuthorizationHandler, EmployeeAuthorizationHandler>();
```
?
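The policy, requirement, handler and handler registration discussed in this thread, wired together as an added example that is not part of the original posts or the project's own code. The handler here derives from `AuthorizationHandler<TRequirement>` with no resource type, because the two-type-argument base class only calls `HandleRequirementAsync` when the authorization resource is of that type, and `[Authorize]` on an action does not pass a `string`. Assumptions: the claim type `"permission"` is a placeholder for the project's `ClaimConstants.Permission`, and `AddEmployeePolicy` is a hypothetical helper name.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Marker requirement attached to the "Employee" policy.
public class EmployeeRoleAuthorizationRequirement : IAuthorizationRequirement { }

// Top-level handler with no TResource argument, so it runs for every
// evaluation of a policy that contains the requirement.
public class EmployeeAuthorizationHandler
    : AuthorizationHandler<EmployeeRoleAuthorizationRequirement>
{
    // Assumed placeholder for ClaimConstants.Permission in the project.
    private const string PermissionClaimType = "permission";
    // Permission value taken from the post ("employee.view").
    private const string EmployeePermission = "employee.view";

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        EmployeeRoleAuthorizationRequirement requirement)
    {
        // Succeed only for an authenticated principal carrying the claim.
        // Returning without Succeed leaves the requirement unmet (deny).
        if (context.User?.Identity?.IsAuthenticated == true &&
            context.User.HasClaim(PermissionClaimType, EmployeePermission))
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}

public static class EmployeePolicySetup
{
    // Hypothetical helper: call from Startup.ConfigureServices.
    public static IServiceCollection AddEmployeePolicy(this IServiceCollection services)
    {
        services.AddAuthorization(options =>
            options.AddPolicy("Employee", policy =>
            {
                policy.RequireAuthenticatedUser();
                policy.Requirements.Add(new EmployeeRoleAuthorizationRequirement());
            }));

        // Without this registration no handler can satisfy the requirement,
        // so every request to an action guarded by the policy is denied.
        services.AddSingleton<IAuthorizationHandler, EmployeeAuthorizationHandler>();
        return services;
    }
}
```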