How I get user permissions in ASP.NET Core MVC

salmeidabatista · June 10, 2020, 3:11am

Hi, below my code

services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        // Add authentication services
        services.AddAuthentication(options => {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect("Auth0", options => {
            options.Authority = $"https://{Configuration["Auth0:Domain"]}";
            options.ClientId = Configuration["Auth0:ClientId"];
            options.ClientSecret = Configuration["Auth0:ClientSecret"];
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
            options.CallbackPath = new PathString("/Home");
            options.ClaimsIssuer = "Auth0";
            options.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProviderForSignOut = context =>
                {
                    context.ProtocolMessage.SetParameter("audience", Configuration["Auth0:Audience"]);
                    return Task.FromResult(0);
                }
            };
        });

In my controller, when I use the instruction User.Claims, I do not see the permissions that I put to user

dan.woda · June 11, 2020, 11:26pm

Hi @salmeidabatista,

Welcome to the Community!

If you have configured role based access control for your API, then the permissions will be included in the access token. I think the user claims you are referring to here would be from the id token or userinfo enpoint, which would not include the permissions claim.

Hope this helps!
Dan

dan.woda · June 26, 2020, 11:29pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use API access token to Authorize in .net Core MVC? Get Help	3	3517	October 28, 2021
RBAC Permissions in ASP.NET Core MVC application Get Help aspnet-core , net-mvc-client-crede	5	8116	November 15, 2019
How to get to the email_verified api int AuthO user profile with ASP.NET Core AUthorization Policy Get Help user-profile , authorization-polici	2	4351	March 2, 2018
Aceess Token to short. Netcore MVC + WebAPi Netcore 2.0 Get Help login	2	3971	July 26, 2019
Add roles to the access token Get Help	7	25099	October 28, 2019

How I get user permissions in ASP.NET Core MVC

Related topics