using App.Shared;
...
namespace App.Server
{
public class Startup
{
...
public void ConfigureServices(IServiceCollection services)
{
...
services.AddDefaultIdentity<AppUser>(options =>
{
options.SignIn.RequireConfirmedAccount = true;
})
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<AppDb>();
services.AddIdentityServer()
.AddApiAuthorization<AppUser, AppDb>(options =>
{
// https://github.com/dotnet/AspNetCore.Docs/issues/17649
options.IdentityResources["openid"].UserClaims.Add("role");
options.ApiResources.Single().UserClaims.Add("role");
});
// Need to do this as it maps "role" to ClaimTypes.Role and causes issues
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("role");
services.AddAuthentication()
.AddIdentityServerJwt();
services.AddAuthorization(options => options.AddAppPolicies());
...
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
app.UseAuthentication();
app.UseAuthorization();
app.UseIdentityServer();
...
}
}
}
using App.Client.Services;
using App.Shared;
...
namespace App.Client
{
public class Program
{
public static async Task Main(string[] args)
{
...
builder.Services.AddAuthorizationCore(options => options.AddAppPolicies());
// 2 calls to AddApiAuthorization are necessary in 3.2-preview3
// should be fixed in 3.2-preview4
// https://github.com/dotnet/aspnetcore/issues/19854
// https://github.com/dotnet/AspNetCore.Docs/issues/17649#issuecomment-612442543
builder.Services.AddApiAuthorization();
builder.Services.AddApiAuthorization(options =>
{
options.UserOptions.RoleClaim = "role";
});
...
}
}
}