ASP Core Azure Active Directory 登录使用角色 [英] ASP Core Azure Active Directory Login use roles

问题描述

我创建了一个 Azure Active Directory 应用程序，并且我想使用基于角色的安全性.我按照以下教程进行操作:

I created an Azure Active Directory Application and i want to use role based security. I followed the tutorial on: https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/

The login works, I added roles to the application manifest and assigned the role Approver to my own account. Now i want to use these roles.

After login the following works in the controller:

[Authorize]

But when adding the role the user is not authorized:

[Authorize(Roles="Approver")]

Also the following returns false:

User.IsInRole("Approver");

It seems the roles are not retreived, any suggestions on how to add the role functionality to this demo project?

解决方案

This code sample works for me after assign roles to account . Please debug application in this line: User.IsInRole("Approver"); , check whether {http://schemas.microsoft.com/ws/2008/06/identity/claims/role: Approver}exists in user claims . And make sure you add roles which allowedMemberTypes is user , for example :

{
      "allowedMemberTypes": [
        "User"
      ],
      "displayName": "Approver",
      "id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
      "isEnabled": true,
      "description": "Approvers have the ability to change the status of tasks.",
      "value": "Approver"
    },

And you have assign the user role in Enterprise applications-->All applications--> find your app-->Users and groups--> add/edit a user and assign roles :

这篇关于ASP Core Azure Active Directory 登录使用角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！