Authorize标记上的角色和IdentityServer3客户端设置之间是什么关系？

Question

In the Authorize tag, if specify a Role, access is denied and I can't figure out how to configure IdentityServer3 to allow the Role. I'm using the client credentials flow. Here is the tag:

[Authorize(Roles = "Read")]

The code I've used to create the client is as follows:

public IEnumerable<Client> GetClientsToAddUpdate()
{
    return new Client[]
    {
        new Client
        {
            ClientName = "Portal Client Name",
            Enabled = true,
            ClientId = "portalClientName",
            ClientSecrets = new List<Secret>
            {
                new Secret("AVerySecretSecret".Sha256())
            },
            Flow = Flows.ClientCredentials,
            AllowClientCredentialsOnly = true,
            AllowedScopes = new List<string>
            {
                "Read"
            },

            Claims = new List<Claim>
            {
                new Claim("client_type", "headless"),
                new Claim("client_owner", "Portal"),
                new Claim("add_detail", "allow")
            },
            PrefixClientClaims = false
        }
    };
}

I have a Scope of Read and send that Scope when getting the Bearer Token and if I use an Authorize tag with no Roles specified everything works. As soon as I add a Role authorization is denied. How do I modify the Client to add the "Read" Role?

Some background is I'd like to use Swagger via Swashbuckle to give clients a sandbox to play with the API and I can't get the authorization to work, so I'd like to add Role since this seems to get the Swagger UI closer to working.

Answer 1

Unfortunately this mapping ends up breaking the specific claim names defined as name and role , because their names get transformed and no longer map to what you were expecting.

This results in the [Authorize(Roles = "")] and User.IsInRole("") not working as expected.

Please refer also this