What is the relationship between Roles on the Authorize tag and IdentityServer3 client setup
In the Authorize tag, if I specify a Role, access is denied and I can't figure out how to configure IdentityServer3 to allow the Role. I'm using the client credentials flow. Here is the tag:
[Authorize(Roles = "Read")]
The code I've used to create the client is as follows:
    public IEnumerable<Client> GetClientsToAddUpdate()
    {
        return new Client[]
        {
            new Client
            {
                ClientName = "Portal Client Name",
                Enabled = true,
                ClientId = "portalClientName",
                ClientSecrets = new List<Secret>
                {
                    new Secret("AVerySecretSecret".Sha256())
                },
                Flow = Flows.ClientCredentials,
                AllowClientCredentialsOnly = true,
                AllowedScopes = new List<string>
                {
                    "Read"
                },
                Claims = new List<Claim>
                {
                    new Claim("client_type", "headless"),
                    new Claim("client_owner", "Portal"),
                    new Claim("add_detail", "allow")
                },
                PrefixClientClaims = false
            }
        };
    }
I have a Scope of Read and send that Scope when getting the Bearer Token, and if I use an Authorize tag with no Roles specified, everything works. As soon as I add a Role, authorization is denied. How do I modify the Client to add the "Read" Role?
Some background: I'd like to use Swagger via Swashbuckle to give clients a sandbox to play with the API, and I can't get the authorization to work, so I'd like to add a Role since this seems to get the Swagger UI closer to working.
Unfortunately this mapping ends up breaking the specific claim names defined as name and role, because their names get transformed and no longer map to what you were expecting.
This results in the [Authorize(Roles = "")] and User.IsInRole("") not working as expected.
Please also refer to this
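
An added example (not from the original post or from IdentityServer3) of the mismatch described in the answer: ClaimsPrincipal.IsInRole, which [Authorize(Roles = ...)] relies on, only considers claims whose type equals the identity's RoleClaimType. The claim values and the helper name Build are constructed for illustration.

```csharp
using System;
using System.Security.Claims;

static class RoleClaimDemo
{
    // Hypothetical helper: builds an authenticated principal whose identity
    // treats claims of type `roleClaimType` as roles.
    static ClaimsPrincipal Build(string roleClaimType, params Claim[] claims)
    {
        // A non-empty authenticationType makes the identity authenticated.
        var identity = new ClaimsIdentity(claims, "Bearer", "name", roleClaimType);
        return new ClaimsPrincipal(identity);
    }

    static void Report(string label, ClaimsPrincipal user)
    {
        Console.WriteLine("{0}: IsInRole(\"Read\") = {1}", label, user.IsInRole("Read"));
    }

    static void Main()
    {
        // Constructed claims shaped like the question's token: a scope and
        // client claims, but nothing of the role claim type. A scope is not
        // a role, so the role check has no claim to match.
        Report("scope only", Build("role",
            new Claim("scope", "Read"),
            new Claim("client_type", "headless")));

        // Claim type and RoleClaimType agree on the short name "role".
        Report("role, matching type", Build("role",
            new Claim("role", "Read")));

        // The claim type was transformed to the long .NET URI while the
        // identity still looks for "role": the claim is present but ignored.
        Report("claim renamed to URI", Build("role",
            new Claim(ClaimTypes.Role, "Read")));

        // The reverse mismatch: short claim name, identity expects the URI.
        Report("identity expects URI", Build(ClaimTypes.Role,
            new Claim("role", "Read")));
    }
}
```

Dumping User.Claims in the API next to the identity's RoleClaimType shows which of these cases applies to a given token.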