How to check user role in a resource server when using Thinktecture.IdentityServer.v3


I downloaded [Thinktecture.IdentityServer.v3][1] and the corresponding client projects. I want to check the user role in the SampleAspNetWebApi project, so I changed the sample method as follows:

    [Authorize(Roles="Admin")]
    public class IdentityController : ApiController
    {
        public dynamic Get()
        {
            var principal = User as ClaimsPrincipal;

            return from c in principal.Identities.First().Claims
                   select new
                   {
                       c.Type,
                       c.Value
                   };
        }
    }

I use the WPF hybrid client to call the service, with the alice user, which has the Admin role. But it returns an Unauthorized error. The user is authenticated but the role is not set.

How can I check the user role in the SampleAspNetWebApi project?

leastprivilege On BEST ANSWER

The Authorize attribute looks for a Microsoft/.NET specific role claim type

http://schemas.microsoft.com/ws/2008/06/identity/claims/role

We emit a simple 'role' claim.

You can map the incoming claims to what ASP.NET expects - but this is turned off - try removing this line from startup.cs:

    JwtSecurityTokenHandler.InboundClaimTypeMap = ClaimMappings.None;
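
An alternative to re-enabling the mapping, shown as an added example that is not part of the answer or of the IdentityServer samples: a Web API 2 authorization attribute that checks the short `role` claim directly, so the inbound claim types stay exactly as issued. The class name `RoleClaimAuthorizeAttribute` is hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute (assumption: ASP.NET Web API 2, token carries "role" claims).
// Usage: [RoleClaimAuthorize(Roles = "Admin")] on a controller or action.
// Note: the inherited Users property is not evaluated by this override.
public class RoleClaimAuthorizeAttribute : AuthorizeAttribute
{
    private const string RoleClaimType = "role";

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        if (!IsAuthenticated(principal))
            return false;

        // Roles is the comma-separated list inherited from AuthorizeAttribute.
        var required = (Roles ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // No roles listed: any authenticated caller passes. Otherwise one
        // matching "role" claim is enough; the value match is case-sensitive.
        return required.Length == 0
            || required.Any(role => principal.HasClaim(RoleClaimType, role));
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // Authenticated but missing the role: answer 403 instead of the default
        // 401, so a role failure is distinguishable from a missing or bad token.
        if (IsAuthenticated(actionContext.RequestContext.Principal as ClaimsPrincipal))
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        else
            base.HandleUnauthorizedRequest(actionContext);
    }

    private static bool IsAuthenticated(ClaimsPrincipal principal)
    {
        return principal != null && principal.Identity != null
            && principal.Identity.IsAuthenticated;
    }
}
```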