48

I have an application in which users can be assigned the following roles:

  • SuperAdmin
  • Admin
  • User

One user may be assigned two or more roles, e.g. both SuperAdmin and User. My application uses claims, and therefore I want to authenticate user roles through claims too, like:

[Authorize(Roles="Admin")]

Unfortunately, I don't know how I can add multiple roles to my ClaimTypes.Role. I have the following code:

    var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, name),
            new Claim(ClaimTypes.Email, email),
            new Claim(ClaimTypes.Role, "User", "Admin", "SuperAdmin")
        },
        "ApplicationCookie");

As you can see, I tried to add more roles for the sake of illustration, but obviously it's done in the wrong way, and therefore doesn't work. Any help is therefore much appreciated.

Jeppe Christensen

2 Answers

98

A claims identity can have multiple claims with the same ClaimType. That will make it possible to use the HasClaim method for checking if a specific user role is present.

    var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, name),
            new Claim(ClaimTypes.Email, email),
            new Claim(ClaimTypes.Role, "User"),
            new Claim(ClaimTypes.Role, "Admin"),
            new Claim(ClaimTypes.Role, "SuperAdmin")
        },
        "ApplicationCookie");
cpr43
  • 1
    Why did you hard-code the values? Consider the case in which an application user has a role property of list type; how would you solve that? – TAHA SULTAN TEMURI Sep 30 '19 at 07:11
  • 3
    @TAHASULTANTEMURI if `roles` are in a list you can do `foreach (var role in roles) claims.Add(new Claim(ClaimTypes.Role, role));` – fozylet Aug 11 '20 at 04:56
8

@Parameswar Rao explained it well, but in the case of dynamic roles:

For example, a user object already has a role property of list type.

Then, using local functions:

    // Local functions: declare these inside the method where `user` is in scope.
    ClaimsIdentity getClaimsIdentity()
    {
        return new ClaimsIdentity(getClaims());

        Claim[] getClaims()
        {
            List<Claim> claims = new List<Claim>();
            claims.Add(new Claim(ClaimTypes.Name, user.UserName));
            // One ClaimTypes.Role claim per role the user holds
            foreach (var item in user.Roles)
            {
                claims.Add(new Claim(ClaimTypes.Role, item));
            }
            return claims.ToArray();
        }
    }

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = getClaimsIdentity()
    };
TAHA SULTAN TEMURI
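The approach from both answers as one console program, added here as an example and not taken from either answer: it builds one role claim per entry of a role list, checks the result with `IsInRole`, and shows why the four-string call in the question compiles yet grants only one role. `RoleClaimsDemo`, `BuildIdentity` and the sample user values are hypothetical names chosen for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class RoleClaimsDemo
{
    // Emits one ClaimTypes.Role claim per role; blank and duplicate names are skipped
    // so the identity never carries an empty or repeated role claim.
    public static ClaimsIdentity BuildIdentity(string name, string email, IEnumerable<string> roles)
    {
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, name),
            new Claim(ClaimTypes.Email, email)
        };
        claims.AddRange(roles
            .Where(r => !string.IsNullOrWhiteSpace(r))
            .Distinct(StringComparer.Ordinal)
            .Select(r => new Claim(ClaimTypes.Role, r)));

        // Passing an authentication type marks the identity as authenticated.
        return new ClaimsIdentity(claims, "ApplicationCookie");
    }

    public static void Main()
    {
        // Constructed sample user (hypothetical values); "Admin" is listed twice on purpose.
        var identity = BuildIdentity("alice", "alice@example.com",
            new[] { "User", "Admin", "Admin", "" });
        var principal = new ClaimsPrincipal(identity);

        // IsInRole is the check behind [Authorize(Roles = "...")]; it looks for a claim
        // of the identity's RoleClaimType, which defaults to ClaimTypes.Role.
        foreach (var role in new[] { "User", "Admin", "SuperAdmin" })
            Console.WriteLine($"{role}: {principal.IsInRole(role)}");
        Console.WriteLine($"Role claims: {principal.FindAll(ClaimTypes.Role).Count()}");

        // The call from the question binds to Claim(type, value, valueType, issuer),
        // so it compiles without error but produces a single role claim.
        var single = new Claim(ClaimTypes.Role, "User", "Admin", "SuperAdmin");
        Console.WriteLine($"Value={single.Value} ValueType={single.ValueType} Issuer={single.Issuer}");
    }
}
```

Because the mistaken call compiles cleanly, a unit test that asserts `IsInRole` for every expected role is the reliable way to catch it.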