I added the following code in my Startup.cs so that I can access app roles I created in my registered application in Azure AD.
```csharp
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    // [removed for brevity]

    // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
    // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications:
    // 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles'.
    // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token.
    JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

    // The following lines of code instruct the ASP.NET Core middleware to use the data in the "roles" claim
    // in the Authorize attribute and User.IsInRole().
    // See https://docs.microsoft.com/aspnet/core/security/authorization/roles?view=aspnetcore-2.2 for more info.
    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        // Use the roles claim for populating roles
        options.TokenValidationParameters.RoleClaimType = "roles";
    });

    // [removed for brevity]
}

// In methods
User.IsInRole("UserReaders");
```
When I try to access the role using the following code [user.IsInRole("Admin")], it does not seem to recognize the "Admin" role. I confirmed this is the user/app role I am assigned to, but it is not working. Is there something I am doing wrong or missing? Any help would be appreciated!
```csharp
// Used to determine user role
var user = (await authenticationStateTask).User;

if (args.RequestType.Equals(Syncfusion.Blazor.Grids.Action.BeginEdit))
{
    // Check user role
    //if (user.IsInRole("Claim_Reviewer"))
    if (user.IsInRole("Admin"))
    {
        var SelectedRowsForSave = await DefaultGrid.GetSelectedRecords();
        var selectedcount = SelectedRowsForSave.Count();

        // Only allow editing one record at a time.
        if (selectedcount > 1)
        {
            args.Cancel = true;
            IsVisible_EditOneRecord_Only = true;
        }
    }
    else
    {
        // Close edit dialog and show no permissions dialog box
        args.Cancel = true;
        IsVisible_NoPermissions = true;
    }
}
```
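
The following is an added example, not code from the original post. It shows how `IsInRole()` resolves a role: it looks for a claim whose type equals the identity's `RoleClaimType` and whose value equals the role name exactly. The claim values, the `RoleClaimDiagnostics` class and its helper names are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class RoleClaimDiagnostics
{
    // Authenticated principal whose identity resolves roles from claims of type roleClaimType.
    static ClaimsPrincipal Build(string roleClaimType, Claim claim) =>
        new ClaimsPrincipal(new ClaimsIdentity(new[] { claim }, "Constructed", "name", roleClaimType));

    // Shows, per identity, the claim type IsInRole() consults and the values found under it.
    static string Describe(ClaimsPrincipal user) =>
        string.Join("; ", user.Identities.Select(id =>
            $"RoleClaimType='{id.RoleClaimType}' values=[" +
            string.Join(",", id.FindAll(id.RoleClaimType).Select(c => c.Value)) + "]"));

    // Prints the result and fails loudly if it differs from the expected outcome.
    static void Check(string label, ClaimsPrincipal user, string role, bool expected)
    {
        bool actual = user.IsInRole(role);
        Console.WriteLine($"{label}: IsInRole(\"{role}\")={actual} | {Describe(user)}");
        if (actual != expected) throw new InvalidOperationException(label);
    }

    static void Main()
    {
        // Constructed claims: the short name as it appears in the token, and the legacy
        // URI that inbound claim mapping substitutes for it.
        var shortRole = new Claim("roles", "Admin");
        var mappedRole = new Claim(ClaimTypes.Role, "Admin");

        // Claim type and RoleClaimType agree.
        Check("match", Build("roles", shortRole), "Admin", true);
        // Claim arrives as "roles" but the identity still uses the default role type.
        Check("default role type", Build(ClaimTypes.Role, shortRole), "Admin", false);
        // Claim was mapped to the legacy URI while RoleClaimType was set to "roles".
        Check("mapped claim", Build("roles", mappedRole), "Admin", false);
        // Role values are compared with ordinal, case-sensitive equality.
        Check("case", Build("roles", shortRole), "admin", false);
    }
}
```

Logging the output of a helper like `Describe` for the principal obtained from `authenticationStateTask` shows which claim type and which values the `IsInRole` call is actually reading.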