RBAC Permissions in ASP.NET Core MVC application

I have downloaded/followed the ASP.NET Core MVC Quick Start Guide which is nice and helpful. https://auth0.com/docs/quickstart/webapp/aspnet-core/03-authorization#restrict-access-based-on-user-roles

I haven’t found a way/rule to consume the role permissions in the app. It’s working well in the API project (separate service) that I have, but I don’t see the equivalent settings to include the permissions claims in the token for the Native application.

I have also considered that perhaps it’s a matter of ASP.NET Core MVC being Role-Based and therefore it’s not appropriate to use the permissions. Is my design goal fundamentally wrong?


Hi @mgrabau_noun,

Welcome to the Auth0 Community Forum!

Take a look at this blog post:

About halfway down there is a section titled * Handling Authorization in React Apps: the Naive Way* that may provide some insight into how to handle roles and permissions in your client side app.

Hope this helps!


Thanks @dan.woda I will give that a read and see if it might work. Just to clarify, will this work in an ASP.NET Core MVC app since that’s running on a server (ie. traditional/regular web application vs a single-page app such as Vue or React)?

Thank you!

@dan.woda I think that I’ve got a good grasp of how this might be done, but I imagine that the next step is to build the list of permissions dynamically based on querying the Auth0 API for the role permissions as well.

I’m going to begin investigating that now for my context. The article is helpful, but I don’t see the tie-in to the Authorization Core (is that the role/permission assignment that appears in the dashboard).



I am not an expert on the ASP.NET core, so there may be some gaps that need filled in, but you should be able to translate the concepts form the react sample.

Yes, the authorization core is the roles and permissions assignments shown in the dashboard. You can add the user’s roles to a token like this:

Could you outline an example to help us understand your use-case better?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.