How I get user permissions in ASP.NET Core MVC

salmeidabatista · June 10, 2020, 3:11am

Hi, below my code

services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        // Add authentication services
        services.AddAuthentication(options => {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect("Auth0", options => {
            options.Authority = $"https://{Configuration["Auth0:Domain"]}";
            options.ClientId = Configuration["Auth0:ClientId"];
            options.ClientSecret = Configuration["Auth0:ClientSecret"];
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
            options.CallbackPath = new PathString("/Home");
            options.ClaimsIssuer = "Auth0";
            options.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProviderForSignOut = context =>
                {
                    context.ProtocolMessage.SetParameter("audience", Configuration["Auth0:Audience"]);
                    return Task.FromResult(0);
                }
            };
        });

In my controller, when I use the instruction User.Claims, I do not see the permissions that I put to user

dan.woda · June 11, 2020, 11:26pm

Hi @salmeidabatista,

Welcome to the Community!

If you have configured role based access control for your API, then the permissions will be included in the access token. I think the user claims you are referring to here would be from the id token or userinfo enpoint, which would not include the permissions claim.

Hope this helps!
Dan

dan.woda · June 26, 2020, 11:29pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use API access token to Authorize in .net Core MVC? Help	3	3253	October 28, 2021
API Permissions not in User.Claims Help login-experience , new-universal-login-experience	6	938	January 2, 2024
No claims returned after login Help auth0 , aspnet-core	8	5806	June 18, 2019
Add roles to the access token Help	7	24780	October 28, 2019
User role permission not showing Help user-profile , user-management	0	325	February 6, 2024

How I get user permissions in ASP.NET Core MVC

Related topics