Hi there! Can you please share your Configure method in your
Startup.cs. It is key in what order in the middleware pipeline you put
AddAuthentication() and AddAuthorization().
Yes, but I'm talking about the Configure() method, not the
ConfigureServices() method. Authorization is a combination of services and middleware which are configured in two different methods, for example:
Now the order in how the authentication/authorization should be added in
Configure() was updated in .NET Core 3.0, so if you're upgrading an application from .NET Core 2.x it won't work unless move stuff around a bit.
Please find enclosed the configuration as requested
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
} else {
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
}
I do not see cookie authentication configuration. There is nothing to cache the claims/roles.
The configuration shows a custom claims factory and it is not clear what programming problem the factory solves. The configuration also shows claims policies that are not being used. Can you explain your security requirements?
I am not sure where I need the claim code to save to the cookie that is what I am asking sign in and all the other features of identity are working except for claims and roles. I can add roles and make somoene a member of that role but I dont no how
I do this when the person signs up or logins in I beleive you said the claim needs to be passed to the cookie somehow can you explain more or provide a like to 3.1 asp.net core documenation thanks.
Member
16 Points
131 Posts
Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 01, 2020 01:57 PM|roguenidb|LINK
My Authorisation is not working correctly even though they are in the role for example I am always getting access denied
My Roles for Manger
Do I need to place anyting in my identity sign in page and register page to assign the role when they login or register?
Roles
Users In Roles
My Controller Decoration
// GET: MISObjects/Details/5 [Authorize(Roles = "Manager")] public async Task<IActionResult> Details(int? id) { if (id == null) { return NotFound(); } var mISObject = await _context.MISobject .FirstOrDefaultAsync(m => m.Id == id); if (mISObject == null) { return NotFound(); } return View(mISObject); }public void ConfigureServices(IServiceCollection services) { services.AddDbContext<MISDBContext> (options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"))); services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer( Configuration.GetConnectionString("DefaultConnection"))); services.AddIdentity<ApplicationUser, IdentityRole>() .AddDefaultUI() .AddDefaultTokenProviders() .AddEntityFrameworkStores<MISDBContext>().AddClaimsPrincipalFactory<MyUserClaimsPrincipalFactory>(); //<---- add this line services.AddControllersWithViews(); services.AddRazorPages(); services.AddAuthorization(options => { options.AddPolicy("Admin", policy => policy.RequireRole("Admin")); options.AddPolicy("Manager", policy => policy.RequireRole("Manager")); options.AddPolicy("ElevatedRights", policy => policy.RequireRole("Administrator", "PowerUser", "BackupAdministrator")); }); }Edit 2
All my claims factory is doing is the following
public class MyUserClaimsPrincipalFactory : UserClaimsPrincipalFactory<ApplicationUser> { public MyUserClaimsPrincipalFactory( UserManager<ApplicationUser> userManager, IOptions<IdentityOptions> optionsAccessor) : base(userManager, optionsAccessor) { } protected override async Task<ClaimsIdentity> GenerateClaimsAsync(ApplicationUser user) { var identity = await base.GenerateClaimsAsync(user); identity.AddClaim(new Claim("FullName", user.FirstName + " " + user.LastName ?? "[Click to edit profile]")); return identity; } } }Here is the full reproduceable repo
https://github.com/davidbuckleyni/AuthorisationRepoMS
None
0 Points
4 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 01, 2020 07:27 PM|tidyui|LINK
Hi there! Can you please share your
Configuremethod in yourStartup.cs. It is key in what order in the middleware pipeline you putAddAuthentication()andAddAuthorization().Best regards
Håkan
Member
16 Points
131 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 02, 2020 12:01 AM|roguenidb|LINK
None
0 Points
4 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 02, 2020 03:39 AM|tidyui|LINK
Yes, but I'm talking about the
Configure()method, not theConfigureServices()method. Authorization is a combination of services and middleware which are configured in two different methods, for example:public void ConfigureServices(IServiceCollection services)
{
...services.AddIdentity(...);services.AddAuthorization(...);
}public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{...app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
...
}Now the order in how the authentication/authorization should be added inConfigure()was updated in .NET Core 3.0, so if you're upgrading an application from .NET Core 2.x it won't work unless move stuff around a bit.Regards
Member
16 Points
131 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 02, 2020 06:41 AM|roguenidb|LINK
Please find enclosed the configuration as requested
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseDatabaseErrorPage(); } else { app.UseExceptionHandler("/Home/Error"); // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. app.UseHsts(); } app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllerRoute( name: "default", pattern: "{controller=Home}/{action=Index}/{id?}"); endpoints.MapRazorPages(); }); }All-Star
52971 Points
23571 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 02, 2020 10:37 AM|mgebhard|LINK
I do not see cookie authentication configuration. There is nothing to cache the claims/roles.
The configuration shows a custom claims factory and it is not clear what programming problem the factory solves. The configuration also shows claims policies that are not being used. Can you explain your security requirements?
Member
16 Points
131 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 02, 2020 05:21 PM|roguenidb|LINK
I am not sure where I need the claim code to save to the cookie that is what I am asking sign in and all the other features of identity are working except for claims and roles. I can add roles and make somoene a member of that role but I dont no how I do this when the person signs up or logins in I beleive you said the claim needs to be passed to the cookie somehow can you explain more or provide a like to 3.1 asp.net core documenation thanks.
Member
16 Points
131 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 18, 2020 02:10 AM|roguenidb|LINK
Can you please expand on cookie authontication configuration why do we need this in .net core when idenity takes care of that.
All-Star
52971 Points
23571 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 18, 2020 11:47 AM|mgebhard|LINK
You are correct.
Again, you have a custom principal claim factory. The community cannot see the code.
I use Identity in several projects and do not have this problem.
Member
16 Points
131 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 18, 2020 07:25 PM|roguenidb|LINK
Hi I have posted the code requested above as well as a reporduceable repo.
Would need sql server to scafold the database thouugh
Member
16 Points
131 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 18, 2020 07:29 PM|roguenidb|LINK
Hi I have posted the code requested above as well as a reporduceable repo.
Would need sql server to scafold the database thouugh
</div>Its above post in edit 2
Member
16 Points
131 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 21, 2020 12:38 AM|roguenidb|LINK
Hi it ended being this line it over ridden the expect beahiour
.AddClaimsPrincipalFactory<MyUserClaimsPrincipalFactory>(); //<---- add this line
All my factory was doing was getting the signed in name once it was removed it worked as expected
Member
16 Points
131 Posts
Re: Authorisation role always giving access denied Asp.net core 3.1 Identity
Jul 21, 2020 01:34 AM|roguenidb|LINK
I showed the code in the second edit of the post if you look it was presented to the community ! For the claims facotory