question

JaySan-0490 avatar image
0 Votes"
JaySan-0490 asked RakeshJagatap-4451 commented

Authorize api and identity pages

I try to authorize by role Identity pages and API controllers and it doesn't work as expected.

I use Identity for security and i want to authorize the identity register page by role i want to authorize api controllers also.
If I use just this code, I can authorize identy pages:

services.AddAuthentication().AddIdentityServerJwt();

But if i use this code:

services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => {}.AddIdentityServerJwt()

I can authorize api but I can't authorize identity page. Does anyone has any ideea how can I authorize both?


azure-active-directorymicrosoft-authenticatordotnet-aspnet-core-mvcazure-ad-msal
· 11
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

What do you mean by "server jwt doesn't work"? And where is the actual question?

0 Votes 0 ·

Can you explain what "doesn't work" means? Web API authorization is not working as expected? Is Web API hosted with Identity Server?

0 Votes 0 ·

I can authorize api but I can't authorize identity page. Does anyone has any ideea how can I authorize both?

I assume your edited post is asking how to add authorization to a Razor Page not Web API??? Razor pages do not use JWTs they use an authentication cookie.

Razor Pages authorization conventions in ASP.NET Core


0 Votes 0 ·

@AgaveJoe if I use this .AddIdentityServerJwt(); Razor pages use jwts.. I think you are suggesting me another method to authoriuze pages

0 Votes 0 ·

if I use this .AddIdentityServerJwt(); Razor pages use jwts.. I think you are suggesting me another method to authoriuze pages

I think you are making assumptions.

JWTs are sent in the Authorization header as a bearer token to authorize access to secured Web API resources. The client, code, is responsible for passing the token in the HTTP request. The JWT middleware reads the token and creates the user principal.

Razor Pages use cookie authentication because the client is always a browser which handles cookies automatically. The Identity framework uses cookie authentication middleware (default) to read the cookie and setup the principal.

Please read the link in my first post which illustrates these concepts. Also please visit the links on the left.

If you still have question, please clarify what yo u are trying to do and provide sample code that reproduces the unwanted behavior.


0 Votes 0 ·

Okay, I'll explain what I'm trying to do:
1.To do role-based authorization on razor pages (and here I mean identity pages)
2.To do role-based authorization on API (ie the controllers that manage the requests that come from the client)

In order to do this, as the first method I use this piece of code:
services.AddAuthentication().AddIdentityServerJwt();

When I use this method the Identity pages are properly authorized and the authorization function returns what is needed depending on the roll claim on the token (cookie you want), instead on the normal API controller it always returns false even if claim the controller is correct.


0 Votes 0 ·

instead on the normal API controller it always returns false even if claim the controller is correct.

That indicates the token is missing the role/claim. Get a copy of the token and take a look at the claims. How is the token generated? Did you write the logic to populate the token?

If you are hosting Identity Server and want to get the user roles into a claim, then you need to implement the IProfileService. There are several SO posts on this subject as well.


0 Votes 0 ·
Show more comments

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·

0 Answers