I have just started learning to use Skoruba IdentityServer4.Admin from https://github.com/skoruba/IdentityServer4.Admin
However, I could not find a way to implement role-based authorization in my Blazor Server Application using Skoruba IdentityServer4.Admin. Could you please help?
I found an alternative way (policy-based) but I think using role-based will be better.
Below is my alternative way (policy-based):
Blazor Server's Program.cs
    builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.SignInScheme = "Cookies";
        options.SignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
        options.RequireHttpsMetadata = true;
        options.Authority = builder.Configuration["OIDC:Authority"];
        options.ClientId = builder.Configuration["OIDC:ClientId"];
        options.ClientSecret = builder.Configuration["OIDC:ClientSecret"];
        options.ResponseType = "code";
        options.UsePkce = true;
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add("email");
        options.Scope.Add("roles");
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.ClaimActions.MapJsonKey("role", "role");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name"
        };
        options.Events = new OpenIdConnectEvents
        {
            OnAccessDenied = context =>
            {
                context.HandleResponse();
                context.Response.Redirect("/");
                return Task.CompletedTask;
            },
            OnSignedOutCallbackRedirect = context =>
            {
                context.HandleResponse();
                context.Response.Redirect("/");
                return Task.CompletedTask;
            }
        };
    });
    builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();
    builder.Services.AddAuthorization(options =>
    {
        options.AddPolicy("IsAdmin", policy => policy.RequireClaim("role", "Admin"));
        // By default, all incoming requests will be authorized according to the default policy
        options.FallbackPolicy = options.DefaultPolicy;
    });
Blazor Server's Page
    @attribute [Authorize(Policy = "IsAdmin")]
Program.txt
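An added example, not part of the original post or of the Skoruba project: a small console program showing why the `RequireClaim("role", "Admin")` policy above matches while a role check does not until the identity's role claim type is "role". It assumes the identity provider emits roles under the claim type "role", as the post's configuration does; the user name and the second role are constructed sample values.

```csharp
using System;
using System.Security.Claims;

// Constructed sample: claims a signed-in user carries when the identity
// provider emits roles under the short claim type "role" (as on this page).
var claims = new[]
{
    new Claim("name", "alice"),
    new Claim("role", "Admin"),
    new Claim("role", "Auditor"),
};

// Default identity: RoleClaimType is ClaimTypes.Role (a long schema URI),
// so the "role" claims are present but are not treated as roles.
Report("default RoleClaimType", new ClaimsIdentity(claims, "oidc"));

// Identity built with roleType "role". In the OpenID Connect handler the
// matching setting is TokenValidationParameters.RoleClaimType = "role",
// set next to NameClaimType = "name".
Report("RoleClaimType = \"role\"",
    new ClaimsIdentity(claims, "oidc", nameType: "name", roleType: "role"));

static void Report(string label, ClaimsIdentity identity)
{
    var user = new ClaimsPrincipal(identity);
    Console.WriteLine($"== {label} ({identity.RoleClaimType})");
    // What policy.RequireClaim("role", "Admin") evaluates: a direct claim match.
    Console.WriteLine($"HasClaim(role, Admin): {user.HasClaim("role", "Admin")}");
    // What [Authorize(Roles = "Admin")] evaluates: IsInRole via RoleClaimType.
    Console.WriteLine($"IsInRole(Admin):       {user.IsInRole("Admin")}");
    // Role values are compared case-sensitively, so "admin" does not match.
    Console.WriteLine($"IsInRole(admin):       {user.IsInRole("admin")}");
}
```

With the role claim type set this way, a page can use `@attribute [Authorize(Roles = "Admin")]` in place of the named policy.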