
For role-based authentication, tokens generated by AbpClaimTypes.Role cannot pass IsInRole

Open zhangzw218 opened this issue 1 year ago • 3 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Description

I obtained the JWT token through the authorization center, used the Policy in the project, and everything worked fine with [Authorize("aaPolicy")]. But when I authorize with [Authorize(Roles = "Admin")], the response is a 403 error. On last check, it was probably due to the difference between AbpClaimTypes.Role and ClaimTypes.Role. The test code is as follows:

	using System.Collections.Generic;
	using System.Security.Claims;
	using Volo.Abp.Security.Claims; // AbpClaimTypes

	var claims = new List<Claim>();
	claims.Add(new Claim(AbpClaimTypes.Role, "Admin"));  // ABP's role claim type, which differs from ClaimTypes.Role here
	claims.Add(new Claim(ClaimTypes.Role, "Admin2"));    // .NET's default role claim type (a URL)
	// ClaimsIdentity defaults RoleClaimType to ClaimTypes.Role, so IsInRole only consults the second claim
	var pri = new ClaimsPrincipal(new ClaimsIdentity(claims));
	var isRole = pri.IsInRole("Admin"); //false
	var isRole2 = pri.IsInRole("Admin2"); //true

If I don't want to change AbpClaimTypes.Role to ClaimTypes.Role, is there any way to make [Authorize(Roles = "Admin")] take effect?

Reproduction Steps

No response

Expected behavior

No response

Actual behavior

No response

Regression?

No response

Known Workarounds

No response

Version

7.2.2

User Interface

Common (Default)

Database Provider

EF Core (Default)

Tiered or separate authentication server

None (Default)

Operation System

Windows (Default)

Other information

No response

zhangzw218 avatar Oct 25 '23 02:10 zhangzw218
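The behaviour in the reporter's test code, and the URL-versus-"role" difference raised in the later comments, both come from ClaimsPrincipal.IsInRole() consulting only claims whose type equals the identity's RoleClaimType, which defaults to ClaimTypes.Role. The following C# is an added example, not code from the issue or from the ABP project: it reproduces the false result and shows two places where the role claim type can be aligned so that IsInRole() and [Authorize(Roles = "Admin")] agree. The constant AbpRoleClaimType is an assumption standing in for the value AbpClaimTypes.Role resolves to in the reporter's project ("role", as they describe), the method names are hypothetical, and ConfigureJwtBearer assumes the Microsoft.AspNetCore.Authentication.JwtBearer package.

```csharp
// Added example (not from the issue or the ABP project): why IsInRole() depends on
// the identity's RoleClaimType, and two ways to align it with the token's role claim.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer; // assumed package reference

static class RoleClaimDemo
{
    // Assumption: in the reporter's project AbpClaimTypes.Role resolves to the short
    // JWT claim name "role"; this constant stands in for it so the sample needs no ABP reference.
    const string AbpRoleClaimType = "role";

    // Reproduces the reporter's observation: IsInRole() only looks at claims whose type
    // equals ClaimsIdentity.RoleClaimType, and that defaults to ClaimTypes.Role (a URL).
    public static bool WithDefaultRoleClaimType()
    {
        var claims = new List<Claim> { new Claim(AbpRoleClaimType, "Admin") };
        var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));
        return principal.IsInRole("Admin"); // false: "role" != ClaimTypes.Role
    }

    // Fix 1 (when you build the identity yourself): declare which claim type carries
    // roles, so IsInRole() and the role-based [Authorize] check read the same claims.
    public static bool WithExplicitRoleClaimType()
    {
        var claims = new List<Claim> { new Claim(AbpRoleClaimType, "Admin") };
        var identity = new ClaimsIdentity(
            claims,
            authenticationType: "Bearer",
            nameType: ClaimTypes.Name,
            roleType: AbpRoleClaimType);
        return new ClaimsPrincipal(identity).IsInRole("Admin"); // true
    }

    // Fix 2 (when the identity is produced by the bearer-token handler): set the same
    // role claim type on the validation parameters, so the ClaimsIdentity the handler
    // creates already has RoleClaimType = "role" and no per-identity change is needed.
    public static void ConfigureJwtBearer(JwtBearerOptions options)
    {
        options.TokenValidationParameters.RoleClaimType = AbpRoleClaimType;
    }

    static void Main()
    {
        Console.WriteLine($"default RoleClaimType : {WithDefaultRoleClaimType()}");
        Console.WriteLine($"explicit RoleClaimType: {WithExplicitRoleClaimType()}");
    }
}
```

Which fix applies depends on how the token is consumed: Fix 2 belongs in the AddJwtBearer configuration of the API that validates the token, and it assumes the handler leaves the incoming "role" claim type unchanged (no inbound claim-type mapping); if the handler maps "role" to ClaimTypes.Role on the way in, the default RoleClaimType already matches and the 403 has another cause. A quick diagnostic in either case is to dump `identity.RoleClaimType` alongside the claim types actually present on the authenticated principal, since a mismatch between those two strings is exactly what IsInRole() reports as "not in role".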

Reproduction Steps

maliming avatar Oct 25 '23 03:10 maliming

Sorry, I can't reproduce the error. I have tried a demo of the abp sample (Ids2OpenId). The demo runs properly.

But my business code just isn't working, and I don't know why. So far, I can see that in the demo, ClaimsRole in ClaimsPrincipal is a URL address. In my problem project, ClaimsRole is "role". I want to know where I'm going wrong, and I want a possible direction. I'll continue to try to reproduce this error tomorrow.


zhangzw218 avatar Oct 25 '23 14:10 zhangzw218


Is the problem solved? The role claims in my Principal are also URLs, but ABP uses "role" when verifying the permission type.

tanshanli avatar Apr 04 '24 05:04 tanshanli