How to use RBAC with an Application (rather than an API)?

dean.dashwood · June 25, 2020, 6:30pm

I’m creating an ASP.Net MVC application. As such, I have configured an Application in the Auth0 dashboard (not an API).

I’ve created some roles, and added users to those roles.

When configuring an API, there is an option to enable RBAC. But I can’t see any equivalent when configuring an Application. And in my MVC code, I can see the claims that the logged-in user has, such as their name and e-mail address, but I can’t see any way to show what roles the user belongs to (or to authenticate based on role).

Could someone point me in the right direction? I’ve seen a similar post from a while ago that pointed towards a React example, but the React example adds roles to the user’s token based on things like their e-mail address, it doesn’t look at the RBAC-configured roles, and I can’t figure out how to do that. Thanks!

dan.woda · June 26, 2020, 4:59pm

Hi @dean.dashwood,

Welcome to the Community!

You can add the roles to the access token or the ID token using this rule:

Then, simply look at which role the user has to restrict/grant access.

dean.dashwood · June 26, 2020, 10:37pm

That was enough to point me in the right direction Dan, thanks

dan.woda · June 27, 2020, 1:30am

Let us know if you have any other questions!

system · July 12, 2020, 1:30am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.