[Suggestion] Add some instructions for getting role claims. #32512
Labels
aspnet-core/svc
blazor/subsvc
Blazor
doc-enhancement
Pri2
Priority 2
Source - Docs.ms
Docs Customer feedback via GitHub Issue
Description
I ran into a use case where I wanted to not only validate that a user can sign in, but that they are in a particular role before viewing a page/component.
I had made a ticket here dotnet/aspnetcore#55314 and I thought it might be useful for others to have this documented. It could be helpful for other providers as well if they have something like multiple policies you'd like to map or another claim type with multiple values.
I am using Entra as my OIDC provider, so the prerequisites for this are having an Entra app and app registration in order to assign users/groups/apps to role(s).
A user can be assigned to multiple roles, so I needed to adjust the UserInfo class at https://github.com/dotnet/blazor-samples/blob/main/8.0/BlazorWebAppOidc/BlazorWebAppOidc.Client/UserInfo.cs to the following
Also, the Entra string claim for the role claim is actually "roles", so you need to change the string value in https://github.com/dotnet/blazor-samples/blob/main/8.0/BlazorWebAppOidc/BlazorWebAppOidc/Program.cs
This portion was elusive for me and seems silly now, but I imagine different providers can have different naming. When I was using just Microsoft Identity NuGet packages, the roles actually came through as appRole 🤷‍♀️
Finally, in your UserClaims page component you can add the following in order to test out your roles
Page URL
https://learn.microsoft.com/en-us/aspnet/core/blazor/security/blazor-web-app-with-oidc?view=aspnetcore-8.0&pivots=with-bff-pattern#configuration-1
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/security/blazor-web-app-with-oidc.md
Document ID
c3346d3a-346b-8db4-2650-ec044b3f0dd9
Article author
@guardrex
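An added example, not code from the issue or from the blazor-samples project: one way to carry several role values through a UserInfo-style DTO and rebuild a principal whose role claim type is "roles", so that role checks see every assigned role. The RoleAwareUserInfo type and the sample claim values are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Hypothetical DTO (not the sample's UserInfo): carries every role value, not just one.
public sealed record RoleAwareUserInfo(string UserId, string Name, string[] Roles)
{
    public const string UserIdClaimType = "sub";
    public const string NameClaimType = "name";
    public const string RoleClaimType = "roles"; // Entra's claim name, per the issue

    public static RoleAwareUserInfo FromClaimsPrincipal(ClaimsPrincipal principal) =>
        new(Required(principal, UserIdClaimType),
            Required(principal, NameClaimType),
            principal.FindAll(RoleClaimType).Select(c => c.Value).ToArray());

    public ClaimsPrincipal ToClaimsPrincipal()
    {
        var claims = Roles.Select(r => new Claim(RoleClaimType, r))
            .Prepend(new Claim(NameClaimType, Name))
            .Prepend(new Claim(UserIdClaimType, UserId));
        // roleType must match the claim name, otherwise IsInRole never finds a match.
        return new ClaimsPrincipal(new ClaimsIdentity(
            claims, authenticationType: nameof(RoleAwareUserInfo),
            nameType: NameClaimType, roleType: RoleClaimType));
    }

    private static string Required(ClaimsPrincipal p, string type) =>
        p.FindFirst(type)?.Value
        ?? throw new InvalidOperationException($"Missing '{type}' claim.");
}

public static class Program
{
    public static void Main()
    {
        // Constructed claims standing in for a validated ID token.
        var fromToken = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("sub", "00000000-example"), new Claim("name", "Sample User"),
            new Claim("roles", "Reader"), new Claim("roles", "Admin"),
        }, "oidc", "name", "roles"));

        var roundTripped = RoleAwareUserInfo.FromClaimsPrincipal(fromToken).ToClaimsPrincipal();
        foreach (var role in new[] { "Reader", "Admin", "Owner" })
            Console.WriteLine($"{role}: {roundTripped.IsInRole(role)}");

        // Same claims under the default role claim type: the "roles" values are ignored.
        var mismatched = new ClaimsPrincipal(new ClaimsIdentity(roundTripped.Claims, "oidc"));
        Console.WriteLine($"Admin (default role type): {mismatched.IsInRole("Admin")}");
    }
}
```

A role check against a principal built with the wrong role claim type fails closed, which is why a naming mismatch shows up as users being denied rather than as an error.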