[英]Keycloak user roles angular and .net core
i have a Keycloak question. 我有一个Keycloak问题。 I want to add user roles to my Angular (Client) / .net core (Backend) Application. 我想将用户角色添加到我的Angular(客户端)/ .net核心(后端)应用程序。 I have no experience, so I looked at this tutorial: https://medium.com/@xavier.hahn/adding-authorization-to-asp-net-core-app-using-keycloak-c6c96ee0e655 我没有经验,所以我查看了本教程: https : //medium.com/@xavier.hahn/adding-authorization-to-asp-net-core-app-using-keycloak-c6c96ee0e655
My client send the token to the backend. 我的客户端将令牌发送到后端。 In the backend I add the [Authorize] attribute to my Controller class. 在后端,我将[Authorize]属性添加到我的Controller类。 If I send a get to the backend, the authorization process works fine I get the data. 如果我发送一个get到后端,授权过程工作正常,我得到数据。 But, if I set the [Authorize(Roles = "Administrators")] to the controller method I get a 403 error: 但是,如果我将[Authorize(Roles =“Administrators”)]设置为控制器方法,我会收到403错误:
Response {_body: "", status: 403, ok: false, statusText: "Forbidden", headers: Headers, …}
headers: Headers {_headers: Map(5), _normalizedNames: Map(5)}
ok: false
status: 403
statusText: "Forbidden"
type: 2
url: "http://localhost:64336/api/SampleData/authorization"
_body: ""
__proto__: Body
In the access token the user_roles are set: 在访问令牌中设置了user_roles:
"user_roles": [
"uma_protection",
"Administrators",
"Users"
],
Does anyone have an idea what's wrong, or does someone know another tutorial? 有没有人知道什么是错的,或者有人知道另一个教程?
Many Thanks 非常感谢
Keycloack 4.8.3. Keycloack 4.8.3。
.net core 2.2 .net核心2.2
Angular 7 Angular 7
you need to verify that your settings are correct. 您需要验证您的设置是否正确。
In the Startup file: 在启动文件中:
services.AddAuthorization(options =>
{
options.AddPolicy("MyPolice", policy => policy.RequireClaim("myMapper", "MyRole"));
});
In the Controller file: 在Controller文件中:
[HttpGet]
[Authorize(Policy = "myPolicy")]
public ActionResult Protect()
{
return Ok("myPolicy work");
}
In the Keycloak, create a role (Clients/Roles/Add Role): Create Role 在Keycloak中,创建角色(客户端/角色/添加角色): 创建角色
In the Keycloak, create a mapper (Clients/Mapper/Create): Create Mapper 在Keycloak中,创建一个映射器(Clients / Mapper / Create): Create Mapper
In the keycloak, create a service account role for you client (Clients/Service Account Roles): Create membership between client and role 在keycloak中,为您的客户端创建服务帐户角色(客户端/服务帐户角色): 在客户端和角色之间创建成员资格
Now it should work :) 现在它应该工作:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.