Role based claims in Identity Server 3 + AspNet Identity

Question

I am using ASP.NET 5 beta 8 and Identity Server 3 with AspNet Identity user service implementation. By default AspNet Identity provides table called AspNetRoleClaims which looks good for my case. I have different roles in my system and each role has some permissions and I want to implement it as claims. So each role will have a set of claims.

I didn't find any example of using AspNetRoleClaims table on internet, so maybe it would be better to just create my own tables and implementation?

What is the best practice to handle permissions for roles?

Thanks in advance! Sergii.

Answer 1

Sergii,

I was looking for something similar and it looks like all of the Role information, including RoleClaims is handled in The Role Manager with method GetClaimsAsync, AddClaimAsync, RemoveClaimAsync You can look at the ASP Identity code here: https://github.com/aspnet/Identity/blob/dev/src/Microsoft.AspNet.Identity/RoleManager.cs

Within the Role Manager, I can manage Roles. Examples:

Create Role

await RoleManager.CreateAsync(new IdentityRole { Name = "Test" });

Create Role Claim

var roleResult = await RoleManager.AddClaimAsync(role, new Claim("Dashboard", "Read"));

Then to check against roles or claims you now use Policies and Requirements. This article explained things very nicely.

http://leastprivilege.com/2015/10/12/the-state-of-security-in-asp-net-5-and-mvc-6-authorization/

Hope that helps.