
I downloaded [Thinktecture.IdentityServer.v3][1] and the corresponding client projects. I want to check the user role in the SampleAspNetWebApi project. So I changed the sample method as follows:

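    using System.Linq;
    using System.Security.Claims;
    using System.Web.Http;

    // Access requires the caller to be in the "Admin" role.
    [Authorize(Roles = "Admin")]
    public class IdentityController : ApiController
    {
        // Returns the type and value of every claim on the caller's first identity.
        public dynamic Get()
        {
            var principal = User as ClaimsPrincipal;

            return from c in principal.Identities.First().Claims
                   select new
                   {
                       c.Type,
                       c.Value
                   };
        }
    }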

I use the WPF hybrid client to call the service and use the alice user, who has the Admin role. But it returns an Unauthorized error. The user is authenticated but the role is not set.

How can I check the user role in the SampleAspNetWebApi project?

Alborz

1 Answer

The Authorize attribute looks for a Microsoft/.NET specific role claim type

http://schemas.microsoft.com/ws/2008/06/identity/claims/role

We emit a simple 'role' claim.

You can map the incoming claims to what ASP.NET expects - but this is turned off - try removing this line from startup.cs:

    JwtSecurityTokenHandler.InboundClaimTypeMap = ClaimMappings.None;

leastprivilege
  • Are the roles available in the webapi project to map? Why are the roles returned in id_token while access_token is sent to the webapi project? – Alborz Nov 17 '14 at 10:13
  • That depends on your scope configuration. Check the wiki for documentation. – leastprivilege Nov 17 '14 at 13:46
  • As @leastprivilege said, that depends on the scope configuration. I added idmgr (which is a resource type scope and has a role ScopeClaim) to my scope and then it worked without any claim mapping. Thank you. – Alborz Nov 17 '14 at 14:16
  • I have the same problem, but with IdentityManager (not IdentityServer)... How would I map the claims in this case? – fretje Mar 17 '15 at 14:57
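
The claim-type mismatch described in the answer can be reproduced in a small console program, with no IdentityServer or Web API involved. This is an added example, not code from the original posts or the IdentityServer samples: the `RoleClaimDemo` class, its `Build` helper and the claim values are constructed for illustration. It uses `ClaimsPrincipal.IsInRole`, the check that `[Authorize(Roles = ...)]` relies on, and its third case (telling the identity that `role` is its role claim type) goes beyond what the answer suggests.

```csharp
// Added example: why a short "role" claim does not satisfy a role check.
using System;
using System.Security.Claims;

static class RoleClaimDemo
{
    // Short claim type carried by the token, as stated in the answer.
    const string ShortRole = "role";

    // Builds an authenticated principal holding one role-like claim.
    // claimType:     type of the claim that carries the value "Admin"
    // roleClaimType: claim type the identity treats as "role";
    //                null keeps the framework default (ClaimTypes.Role)
    static ClaimsPrincipal Build(string claimType, string roleClaimType = null)
    {
        var claims = new[]
        {
            new Claim("sub", "alice"),      // constructed sample values
            new Claim(claimType, "Admin"),
        };
        var identity = new ClaimsIdentity(claims, "Bearer", "sub", roleClaimType);
        return new ClaimsPrincipal(identity);
    }

    static void Report(string label, ClaimsPrincipal principal)
    {
        // IsInRole asks each identity for a claim whose type equals that
        // identity's RoleClaimType and whose value equals the role name.
        Console.WriteLine("{0,-28} IsInRole(\"Admin\") = {1}",
                          label, principal.IsInRole("Admin"));
    }

    static void Main()
    {
        Console.WriteLine("Default role claim type: " + ClaimsIdentity.DefaultRoleClaimType);

        // Case 1: claim arrives as "role" and nothing maps it. The identity
        // still looks for the long Microsoft URI, so the role is not found.
        Report("unmapped 'role' claim", Build(ShortRole));

        // Case 2: the claim type has been mapped to the long URI.
        Report("mapped to ClaimTypes.Role", Build(ClaimTypes.Role));

        // Case 3: the claim stays "role", but the identity is told that
        // "role" is its role claim type.
        Report("RoleClaimType set to 'role'", Build(ShortRole, ShortRole));
    }
}
```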