Blazor WASM, IdentityServer4 with Multiple Roles, Additional User Claim(s) & gRPC Roles Authorization
(Whoa Nelly, this thing does work!) 😉
(To run this repo you'll need .NET 6.0 SDK and Visual Studio Preview)
I've added Role Authorization to the -Greeter -gRPC -Service:
Server/Startup.cs
endpoints
.MapGrpcService<GreeterService>()
.RequireAuthorization(new AuthorizeAttribute { Roles = "Administrator"})
.EnableGrpcWeb();
I've also added a Client/Claims.razor page with a list of the current user's claims.
It uses Kestrel as the default webserver, a SQLite database and is "CTRL-F5'able" without any further configuration.
You can delete de SQLite database and migrations folder if you want and use the following commands in Visual Studio's Package Manager Console to re-create the db.
- Add-Migration InitialCreate
- Update-Database
At first run the app will create 2 users (if they don't exist, see: Server/SeedData.cs)
admin@example.com
/Qwerty1234#
user@example.com
/Qwerty1234#
and 2 roles:
- Users
- Administrators
The 'Administrators' & 'Users' roles will be assigned to: admin@example.com
The 'Users' role will be assigned to: user@example.com
(By George, I think I've got it)
- I've extended ASP.NET Identity AspNetUsers table with an extra 'CustomClaim' field (see: Server/Models/ApplicationUser.cs).
- Seeded a value to that
CustomClaim
field in: Server/Data/SeedData.cs - Added: Server/AppClaimsPrincipalFactory.cs
- Modified: Server/Startup.cs to use
AppClaimsPrincipalFactory.cs
- When you run the app you'll see the
custom_claim
in the Client/Pages/Claims.razor page