IdentityServer4 Role Based Authorization for Web API with ASP.NET Core Identity

by

The problem is that the claims are not added to the access token.

There are two tokens, the access token and the identity token.

When you want to add claims to the identity token, then you’ll have to configure the IdentityResource. If you want to add claims to the access token, then you’ll have to configure the ApiResource (or scope).

This should fix it for you:

public static IEnumerable<ApiResource> GetApiResources()
{
    return new List<ApiResource>
    {
        new ApiResource("api1", "My API"),
        new ApiResource("roles", "My Roles", new[] { "role" })
    };
}

Make sure the client (postman) requests the roles scope.

I did test it with the sample code from IdentityServer. In my setup I’ve added the role ‘TestUser’ to alice:

new TestUser
{
    SubjectId = "1",
    Username = "alice",
    Password = "password",
    Claims = new List<Claim> { new Claim("role", "TestUser") } 
},

The Postman call, please note the requested scope:

enter image description here

The access token including the role claim:

enter image description here

More Related Contents:

  1. Configure the authorization server endpoint
  2. Where did IMvcBuilder AddJsonOptions go in .Net Core 3.0?
  3. How to get current user in asp.net core
  4. Dynamically change connection string in Asp.Net Core
  5. How should I inject a DbContext instance into an IHostedService?
  6. IdentityServer4 register UserService and get users from database in asp.net core
  7. .NET Core Identity Server 4 Authentication VS Identity Authentication
  8. How can I use Dependency Injection in a .Net Core ActionFilterAttribute?
  9. How do I setup multiple auth schemes in ASP.NET Core 2.0?
  10. TempData null in asp.net core
  11. Convert IHtmlContent/TagBuilder to string in C#
  12. How to consume a Scoped service from a Singleton?
  13. ASP.NET Identity – Multiple object sets per type are not supported
  14. User in Entity type MVC5 EF6
  15. ASP.Net Core MVC – Client-side validation for custom attribute
  16. Unable to edit db entries using EFCore, EntityState.Modified: “Database operation expected to affect 1 row(s) but actually affected 0 row(s).”
  17. Get UserID of logged-in user in Asp.Net MVC 5
  18. Error handling (Sending ex.Message to the client)
  19. Generate access token with IdentityServer4 without password
  20. Configure Unity DI for ASP.NET Identity
  21. How do I inject ASP.NET 5 (vNext) user-secrets into my own utility class?
  22. Tag helper not being processed in ASP.NET Core 2
  23. Register AspNetCore 2.1 Identity system with DbContext interface
  24. Get the current user, within an ApiController action, without passing the userID as a parameter
  25. The entity type ‘IdentityUserLogin’ requires a primary key to be defined [duplicate]
  26. Error 500.19 with 0x8007000d when running ASP.NET Core app in IIS despite AspNetCoreModule being installed
  27. Dealing with large file uploads on ASP.NET Core 1.0
  28. How can I ensure that appsettings.dev.json gets copied to the output folder?
  29. Can System.Web be used with ASP.Net Core with Full Framework
  30. An error occurred attempting to determine the process id of dotnet.exe which is hosting your application. One or more error occured

Leave a Comment