Question

Edit: I Answerd myself on this post. Its updated.

I authenticate users using the Windows Authenticate from Blazor. Now I want to authorize these users as well, I do this by having the users roll and userId in a database table that looks like this:

UserId	RoleId
3	1
7	1
112	1
4	2
7	2
8	2

The actual authorization happens in the CustomAuthenticationStateRrovider.cs

using Microsoft.AspNetCore.Components.Authorization;
using System.Diagnostics;
using System.Security.Claims;

namespace Authtest.Services
{
    public class CustomAuthenticationStateProvider : AuthenticationStateProvider
    {
        private List<UserRoles> userRoles = default!;
        
        public override async Task<AuthenticationState> GetAuthenticationStateAsync()
        {
            var userroleService = new UserRoleService();
            userRoles = userroleService.GetUserRolesListe();

            var identity = new ClaimsIdentity();

            foreach (var role in userRoles)
            {
                Debug.WriteLine($"Adding role {role.RoleId} to identity.");
                identity.AddClaim(new Claim(ClaimTypes.Role, role.RoleId.ToString()));
            }

            var user = new ClaimsPrincipal(identity);

            return new AuthenticationState(user);
        }
    }
}

As you can see in the screenshot the Database query works.Debug var user

The following problem I have now and that is in the index.razor as seen on the 2nd screenshot problem with auth, the Authorized part is displayed although my user has the role 1 and only users with the role 2 should see the text. A Different problem (which depends on the same solution I think) with the LoginDisplay.razor is why always the NotAuthorized part is displayed.

PS: I think the problem is that by creating a new ClaimsPrincipal I override the Windows authentication.

I made a brand new syncfusion blazor server application and put only the authentication part from my project in the new one, so I could try everything out, but nothing worked.

Edit: I even made a more detailed Screenshot from the user variable here.

Answer 1

Ok after some research and the comments on this post I tried something diffrent.

@page "/"
@using System.Diagnostics
@using System.Security.Claims
@using Authtest.Services
@inject AuthenticationStateProvider AuthenticationStateProvider
@inject UserRoleService UserRoleService

<PageTitle>Index</PageTitle>
<AuthorizeView Roles="1">
<Authorized>
    <p>This content is displayed only for users with role 1.</p>
</Authorized>
<NotAuthorized>
    <p>This content is displayed for all other roles and non-authorized users. 
</p>
</NotAuthorized>
</AuthorizeView>

@code{
private List<string> userRoles = new List<string>();
protected override async Task OnInitializedAsync()
{
    var authState = await 
AuthenticationStateProvider.GetAuthenticationStateAsync();
    var user = authState.User;

    if (user.Identity.IsAuthenticated)
    {
        var username = user.Identity.Name; 
        var roles = UserRoleService.GetUserRolesListe().Where(ur => 
ur.WindowsUser == username).Select(ur => ur.RoleId.ToString()).ToList();

        var identity = (ClaimsIdentity)user.Identity;
        identity.AddClaims(roles.Select(role => new Claim(ClaimTypes.Role, 
role)));

        foreach (var claim in identity.Claims.Where(c => c.Type == 
   ClaimTypes.Role))
        {
            Debug.WriteLine($"User {user.Identity.Name} has role: 
   {claim.Value}");
        }
    }

    await base.OnInitializedAsync();
  }
}

The result i get from my Debug.WriteLine is this: "User QUANDTjorge.ferreira has role: 1"

But I still get the NotAuthorized View Part (This content is displayed for all other roles and non-authorized users.)

My LoginDisplay.razor works just fine and shows me: "Hello, Username!" (beacuse it only has <AuthorizedView>)

友情链接