How to use RBAC with an Application (rather than an API)?

I’m creating an ASP.Net MVC application. As such, I have configured an Application in the Auth0 dashboard (not an API).

I’ve created some roles, and added users to those roles.

When configuring an API, there is an option to enable RBAC. But I can’t see any equivalent when configuring an Application. And in my MVC code, I can see the claims that the logged-in user has, such as their name and e-mail address, but I can’t see any way to show what roles the user belongs to (or to authenticate based on role).

Could someone point me in the right direction? I’ve seen a similar post from a while ago that pointed towards a React example, but the React example adds roles to the user’s token based on things like their e-mail address, it doesn’t look at the RBAC-configured roles, and I can’t figure out how to do that. Thanks!

Hi @dean.dashwood,

Welcome to the Community!

You can add the roles to the access token or the ID token using this rule:

Then, simply look at which role the user has to restrict/grant access.

1 Like

That was enough to point me in the right direction Dan, thanks

1 Like

Let us know if you have any other questions!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.