Last post Nov 27, 2017 05:27 AM by Edward Z
Nov 07, 2017 08:05 PM|trenzin|LINK
How to get a role based authorization in ASP.NET OWIN with JWT?
This is the middleware where the JWT is authenticated:

    app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        TokenValidationParameters = new TokenValidationParameters()
        {
            ValidAudience = apiAudience,
            ValidIssuer = domain,
            IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) => keyResolver.GetSigningKey(identifier)
        }
    });
Nov 08, 2017 02:52 AM|Edward Z|LINK
>> How to get a role based authorization in ASP.NET OWIN with JWT?
Do you mean you want to enable role authorization under JWT, and validate the role with OWIN?
If so, you need to add role claims when generating the JWT token, like below:
    private async Task<JwtSecurityToken> GetJwtSecurityToken(UserEntity user)
    {
        // Claims stored for the user (including role claims) go into the token.
        var userClaims = await _userManager.GetClaimsAsync(user);
        return new JwtSecurityToken(
            claims: userClaims,
            signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_appConfiguration.Value.Key)), SecurityAlgorithms.HmacSha256));
    }
And then, you could validate the claims from the token in the OWIN middleware.
You could refer to the link below for more information.
JWT Authentication for Asp.Net Web Api
Nov 08, 2017 04:53 AM|trenzin|LINK
Yes, I want to enable role authorization. But I need to claim those roles in the API only. I am using Auth0 to generate tokens and the roles are already attached in the JWT, and the actual user is not stored in any local db, just in the Auth0 db. So the question is how to consume logged users in the API to get their roles?
Nov 08, 2017 06:28 AM|Edward Z|LINK
>> So the question is how to consume logged user in API to get their roles?
What do you mean by this? In general, we store the user and role in the token, and you have said the roles are already attached in the token. Then, you just need to check whether the user has the role to access the API.
Do you mean you do not know how to access the role in the API? In general, the role in the token will be converted to Claims and stored in User.Identity; you could try the link below to access user claims to check the user role.
var identity = (ClaimsIdentity)User.Identity;
IEnumerable<Claim> claims = identity.Claims;
Nov 24, 2017 11:56 AM|trenzin|LINK
Thanks for the answer. Eventually it works, but do I have to check it in every controller or is there any other way to do it as I'm authenticated?
EDIT: I probably solved that by claiming roles in a Base API controller from which my other controllers inherit.
Nov 27, 2017 05:27 AM|Edward Z|LINK
>> do I have to check it in every controller or is there any other way to do it as I'm authenticated?
As you have found, you could solve this by claiming roles in Base API controller.
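
An alternative to repeating the role check in each controller or a base controller, as an added example that is not from either poster: a Web API 2 authorization filter that reads the role claim from the already validated JWT and fails closed. `RequireRoleAttribute`, `ReportsController`, the claim type `https://example.com/roles` and the role name `admin` are assumptions; use the claim type your Auth0 tenant actually puts in the token.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute: authorizes on a role claim carried in the validated JWT.
public sealed class RequireRoleAttribute : AuthorizeAttribute
{
    // Assumed claim type; a JSON array in the token becomes one claim per role.
    private const string RoleClaimType = "https://example.com/roles";
    private readonly string[] _allowed;

    public RequireRoleAttribute(params string[] allowedRoles)
    {
        _allowed = allowedRoles ?? new string[0];
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        // Fail closed: no validated identity, or no roles configured, means no access.
        if (principal == null || principal.Identity == null ||
            !principal.Identity.IsAuthenticated || _allowed.Length == 0)
            return false;
        // Exact, case-sensitive match so "Admin" does not pass for "admin".
        return principal.FindAll(RoleClaimType)
            .Any(c => _allowed.Contains(c.Value, StringComparer.Ordinal));
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var user = actionContext.RequestContext.Principal;
        // 401 for a missing or invalid token, 403 for a valid token without the role.
        var status = user != null && user.Identity != null && user.Identity.IsAuthenticated
            ? HttpStatusCode.Forbidden : HttpStatusCode.Unauthorized;
        actionContext.Response = actionContext.Request.CreateErrorResponse(status, "Access denied.");
    }
}

[RequireRole("admin")] // hypothetical role name; applies to every action in the controller
public class ReportsController : ApiController
{
    public IHttpActionResult Get() { return Ok("admin only"); }
}
```

The filter relies on the JWT bearer middleware having validated signature, issuer and audience first; it only inspects claims on the resulting principal.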