C
C#16mo ago
Iron

Role based Authorize Blazor Server + Client

I am stuck trying to use the @attribute [Authorize(Roles = "Admin")] in my blazor component on client side. I started by adding “ .AddRoles<IdentityRole>() “ in program.cs “ public class RoleConfiguration : IEntityTypeConfiguration<IdentityRole> { public void Configure(EntityTypeBuilder<IdentityRole> builder) { builder.HasData( new IdentityRole { Name = "Visitor", NormalizedName = "VISITOR" }, new IdentityRole { Name = "Admin", NormalizedName = "ADMIN" } ); } } “ I made the above class to create the roles Then i added a override in my ApplicationDbContext “ protected override void OnModelCreating(ModelBuilder builder) { base.OnModelCreating(builder); builder.ApplyConfiguration(new RoleConfiguration()); } “ then i ran “ INSERT INTO AspNetUserRoles VALUES ('UserId','Administrator RoleId') “ With the ids that i get from my tables, however, the [Authorize(Roles = "Admin)] on a page still tells me i dont have permissions to view this page. Any tips?
10 Replies
Iron
IronOP16mo ago
<AuthorizeView Roles="Admin"> does not work either, it does not show me.
friedice
friedice16mo ago
did you check to see if the token has the role?
Iron
IronOP16mo ago
Where can i check that?in the db you mean or check in the browser?
friedice
friedice16mo ago
so you login as a user right? and when you login you pass a token to the client side?
friedice
friedice16mo ago
you can then use https://jwt.io/ this site to check all the stuff you added to your token
JWT.IO
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
Iron
IronOP16mo ago
yes as a user and the [authorize] works just not the role based one. I will check now ty I can use the user token to see email etc not any role. I also did a bool called isAdmin in my blazor component with @isAdmin = @context.User.IsInRole("Admin"); and it returns false hmmm I prob did something wrong setting it up? but i did it all at once, and basic authorize works right now just not the role based, i have the tables setup etc, redone the project multiple times to try. I see the roles that i migrated aswell they are in the table with ids.
Iron
IronOP16mo ago
My user is assigned a roleid
Iron
IronOP16mo ago
however i assigned it using sqlQuery. Seems i missed some stuff i will try some editing and we will see . http://schemas.microsoft.com/ws/2008/06/identity/claims/role I see this link in the token in the console window of the browser now. Still no success in using the role authorization yet tho because it still says my user does not have the correct role.. Hmm
Iron
IronOP16mo ago
No description
Iron
IronOP16mo ago
i added this to my program.cs in server: “builder.Services.AddIdentityServer() .AddApiAuthorization<ApplicationUser, ApplicationDbContext>() .AddProfileService<ProfileService>(); // Added this line“ And i created“ ProfileService.cs“ public class ProfileService : IProfileService { private readonly UserManager<ApplicationUser> _userManager; public ProfileService(UserManager<ApplicationUser> userManager) { _userManager = userManager; } public async Task GetProfileDataAsync(ProfileDataRequestContext context) { var user = await _userManager.GetUserAsync(context.Subject); if (user != null) { var roles = await _userManager.GetRolesAsync(user); var roleClaims = new List<Claim>(); foreach (var role in roles) { roleClaims.Add(new Claim(ClaimTypes.Role, role)); } context.IssuedClaims.AddRange(roleClaims); } } public async Task IsActiveAsync(IsActiveContext context) { var user = await _userManager.GetUserAsync(context.Subject); context.IsActive = user != null; } }“ Hey guys i fixed the issue by adding
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>(opt =>
{
opt.IdentityResources["openid"].UserClaims.Add("role");
opt.ApiResources.Single().UserClaims.Add("role");
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("role");
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>(opt =>
{
opt.IdentityResources["openid"].UserClaims.Add("role");
opt.ApiResources.Single().UserClaims.Add("role");
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("role");
to program.cs my bad......... Did not add claims to the token

Did you find this page helpful?