phicon - 5 months ago
ASP.NET (C#) Question

ASP Core Azure Active Directory Login use roles

I created an Azure Active Directory Application and I want to use role based security. I followed the tutorial on: https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/

The login works, I added roles to the application manifest and assigned the role Approver to my own account. Now I want to use these roles.

After login the following works in the controller:

[Authorize]


But when adding the role the user is not authorized:

[Authorize(Roles="Approver")]


Also the following returns false:

User.IsInRole("Approver");


It seems the roles are not retrieved, any suggestions on how to add the role functionality to this demo project?

Answer Source

This code sample works for me after assigning roles to the account. Please debug the application at this line: User.IsInRole("Approver"); and check whether {http://schemas.microsoft.com/ws/2008/06/identity/claims/role: Approver} exists in the user claims. And make sure you add roles whose allowedMemberTypes is User, for example:

{
  "allowedMemberTypes": [
    "User"
  ],
  "displayName": "Approver",
  "id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
  "isEnabled": true,
  "description": "Approvers have the ability to change the status of tasks.",
  "value": "Approver"
}

And you have to assign the user role in Enterprise applications --> All applications --> find your app --> Users and groups --> add/edit a user and assign roles.
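The claim check suggested in the answer, written as a stand-alone C# console program (an added example, not part of the original answer or the Azure sample). It distinguishes a role claim that is missing from one that is present under a claim type `IsInRole` does not look at. The helper name `Explain`, the sample identities, and the assumption that an unmapped Azure AD token carries app roles in a claim named `roles` are additions made here.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class RoleClaimDiagnostics
{
    // Assumption: short claim name Azure AD uses for app roles when the
    // middleware's inbound claim mapping has not rewritten it to ClaimTypes.Role.
    private const string RawRolesClaim = "roles";

    // Explains why IsInRole(role) succeeds or fails for the given principal.
    public static string Explain(ClaimsPrincipal user, string role)
    {
        // IsInRole only matches claims whose type equals the identity's RoleClaimType.
        if (user.IsInRole(role))
            return "OK: role claim found under the identity's RoleClaimType";

        foreach (var identity in user.Identities)
        {
            // The role value is in the token, but under a different claim type.
            var misplaced = identity.Claims.FirstOrDefault(c =>
                c.Value == role &&
                (c.Type == RawRolesClaim || c.Type == ClaimTypes.Role) &&
                c.Type != identity.RoleClaimType);
            if (misplaced != null)
                return $"MISMATCH: '{role}' is under '{misplaced.Type}' " +
                       $"but RoleClaimType is '{identity.RoleClaimType}'";
        }
        return "MISSING: no role claim present; check the manifest entry and the role assignment";
    }

    public static void Main()
    {
        // Constructed sample identities, not real tokens.
        var mapped = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, "Approver") }, "test");
        var unmapped = new ClaimsIdentity(
            new[] { new Claim(RawRolesClaim, "Approver") }, "test");
        // Same claims, but the identity is told that "roles" is its role claim type.
        var remapped = new ClaimsIdentity(
            unmapped.Claims, "test", ClaimTypes.Name, RawRolesClaim);
        var noRole = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "user@example.com") }, "test");

        foreach (var id in new[] { mapped, unmapped, remapped, noRole })
            Console.WriteLine(Explain(new ClaimsPrincipal(id), "Approver"));
    }
}
```

Inside the web app, the same `Explain` call can be made on the controller's `User` property at the breakpoint the answer mentions.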