I downloaded [Thinktecture.IdentityServer.v3][1] and the corresponding client projects. I want to check the user role in the SampleAspNetWebApi project.
So I changed the sample method as follows:

```csharp
[Authorize(Roles="Admin")]
public class IdentityController : ApiController
{
    public dynamic Get()
    {
        var principal = User as ClaimsPrincipal;
        return from c in principal.Identities.First().Claims
               select new
               {
                   c.Type,
                   c.Value
               };
    }
}
```

I use the WPF hybrid client to call the service and use the `alice` user that has the `Admin` role.
But it returns an Unauthorized error.
The user is authenticated but the role is not set.
How can I check the user role in the SampleAspNetWebApi project?

The Authorize attribute looks for a Microsoft/.NET specific role claim type:

`http://schemas.microsoft.com/ws/2008/06/identity/claims/role`

We emit a simple 'role' claim.

You can map the incoming claims to what ASP.NET expects - but this is turned off - try removing this line from startup.cs:

```csharp
JwtSecurityTokenHandler.InboundClaimTypeMap = ClaimMappings.None;
```
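
The mismatch described in the answer above can be reproduced with `System.Security.Claims` alone. This is an added example, not code from the IdentityServer samples: the claims are constructed, `RoleClaimDemo` and its helpers are hypothetical names, and it goes slightly beyond the answer by also showing the alternative of pointing the identity's `RoleClaimType` at the short `role` type.

```csharp
// Added example: constructed claims, not taken from the sample projects.
using System;
using System.Linq;
using System.Security.Claims;

static class RoleClaimDemo
{
    // Short claim type the token carries, as described in the answer above.
    const string ShortRoleType = "role";

    // Identity as it looks when inbound claim mapping is disabled:
    // the role stays under the short "role" type.
    static ClaimsIdentity Unmapped() => new ClaimsIdentity(
        new[] { new Claim("sub", "alice"), new Claim(ShortRoleType, "Admin") },
        "Bearer");

    // Option 1: translate the short type to the type ASP.NET expects.
    static ClaimsIdentity Remapped(ClaimsIdentity source) => new ClaimsIdentity(
        source.Claims.Select(c => c.Type == ShortRoleType
            ? new Claim(ClaimTypes.Role, c.Value, c.ValueType, c.Issuer)
            : c),
        source.AuthenticationType);

    // Option 2: keep the claims, tell the identity which type holds roles.
    static ClaimsIdentity WithRoleType(ClaimsIdentity source) => new ClaimsIdentity(
        source.Claims, source.AuthenticationType, source.NameClaimType, ShortRoleType);

    // IsInRole is the check behind [Authorize(Roles = "...")].
    static void Report(string label, ClaimsIdentity id) =>
        Console.WriteLine(label + ": IsInRole(Admin) = "
            + new ClaimsPrincipal(id).IsInRole("Admin"));

    static void Main()
    {
        var unmapped = Unmapped();
        Console.WriteLine("Default RoleClaimType: " + unmapped.RoleClaimType);
        Report("unmapped", unmapped);
        Report("remapped to ClaimTypes.Role", Remapped(unmapped));
        Report("RoleClaimType set to \"role\"", WithRoleType(unmapped));
    }
}
```

Whichever option is used, apply it in one place in the token validation pipeline so that every controller evaluates roles against the same claim type.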