
Authorize attribute - do I need to store the roles as claims?

I'm working on an API which uses bearer tokens and claims to authenticate and authorize my users.

Everything works great. But I am wondering about the roles management with this setup.

Do I have to store the roles as claims in order to get the [Authorize(Roles="")] attribute to work? Currently I have the user roles in two tables, AspNetUserRoles and AspNetUserClaims, because the attribute does not read the user role if it's not in the token (not in the claims table). It seems overkill to store the roles in two tables.

Why is that? Everything else related to the user is accessible through the UserManager, and I thought that the role would be read from the related entity and not through the token.

Oh, I see. Now it works. The roles in the AspNetUserRoles are automatically added to the token. So there is no need to store the roles in both tables. I don't know why it did not work before. But after some new token issuing it seems to work.
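
The behaviour described above, as an added example that is not part of the original post: role claims are copied into the token when it is issued, so a role change in the store only shows up in tokens issued afterwards. `RoleStore` and `IssueToken` are hypothetical stand-ins for the AspNetUserRoles table and the token issuer, and the user and role names are constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical stand-in for the AspNetUserRoles table (constructed sample data).
static class RoleStore
{
    public static readonly Dictionary<string, List<string>> UserRoles =
        new Dictionary<string, List<string>> { ["alice"] = new List<string> { "User" } };
}

static class Program
{
    // Hypothetical token issuance: the user's current roles are copied into
    // role claims on the identity that the bearer token will carry.
    static ClaimsPrincipal IssueToken(string userName)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, userName) };
        claims.AddRange(RoleStore.UserRoles[userName]
            .Select(role => new Claim(ClaimTypes.Role, role)));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));
    }

    static void Main()
    {
        var oldToken = IssueToken("alice");

        // Role granted in the store after the first token was issued.
        RoleStore.UserRoles["alice"].Add("Admin");
        var newToken = IssueToken("alice");

        // [Authorize(Roles = "Admin")] comes down to an IsInRole check on the
        // principal built from the token; the role store is not consulted.
        Console.WriteLine("old token is Admin: " + oldToken.IsInRole("Admin"));
        Console.WriteLine("new token is Admin: " + newToken.IsInRole("Admin"));

        // The reverse direction is the security-relevant one: removing a role
        // from the store does not change the claims in a token already issued.
        RoleStore.UserRoles["alice"].Remove("Admin");
        Console.WriteLine("after revocation, new token is Admin: "
            + newToken.IsInRole("Admin"));
    }
}
```

Because a revoked role stays effective for as long as an already-issued token is accepted, token lifetime bounds how quickly a role removal takes effect.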
