1

Ok, I remember back in regular ASP.NET 4 (before .NET Core - 2015 ish) it was not this convoluted to add a user to a role. But now I found it to be very difficult.

Using Sqlite database, and all the scaffolding and account creation works great. Even imported my contact subscriber list and it seamlessly created the CRUD - awesome.

Now I only need to restrict this page to Admins only, which I did this and works -- no access. I am on the step to add an Admin role and add a user to it.

After reading and trying code from many sites I find myself here for some direction.

Also I see a role and role claim which is confusing..

ASPNetModels

DbSet

Options

Ref: How to create roles in ASP.NET Core and assign them to users?

This may work if I knew where to put this for it to find the proper references.

private readonly UserManager<ApplicationUser> _userManager;
private readonly RoleManager<ApplicationRole> _rolesManager;

Not sure where the ApplicationUser and ApplicationRole is coming from.

Zippy
  • 455
  • 1
  • 11
  • 25
  • I'd suggest starting with [Introduction to Identity on ASP.NET Core](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-6.0&tabs=visual-studio) and working through all of the articles in that section. Create an empty ASP.NET Core project and go through the steps to do all the scaffolding, etc. – Mr. T Mar 10 '22 at 22:47

2 Answers2

1

Assuming you have correctly configured Identity in your application with something similar to the following

builder.Services
    .AddIdentity<IdentityUser, IdentityRole>(options =>
        options.SignIn.RequireConfirmedAccount = true)
      .AddEntityFrameworkStores<WebApplication2Context>();

(in your case, IdentityUser is probably going to map to your AspNetUser class and IdentityRole would be your AspNetRole class, though I'm not sure where you got those classes or whether they properly inherit IdentityUser<T> and IdentityRole<T> - if they don't, you've gone down a dark and scary road...)

Once that's done (and you've applied all the EF Core migrations, etc. to get your database correctly built), you can do something like this to add a role and add a user to it

@page
@model IndexModel

@using Microsoft.AspNetCore.Identity
@inject UserManager<IdentityUser> _userManager
@inject RoleManager<IdentityRole> _roleManager

@{
    ViewData["Title"] = "Home page";

    await _roleManager.CreateAsync(new IdentityRole("Admin"));
    await _userManager.CreateAsync(new IdentityUser("foobar") { Email = "foo@bar.com" });

    var newUser = await _userManager.FindByNameAsync("foobar");
    await _userManager.AddToRoleAsync(newUser, "Admin");
}

If you're not sure your existing AspNetXxx classes are correct or correctly map to the related Identity classes, I'd suggest you start over and use the default implementations as much as possible. You can read about Identity Model Customization in ASP.NET Core to learn about the model and how all the different tables work together.

Mr. T
  • 3,892
  • 3
  • 29
  • 48
0

I think you need to "link" your "MyPolicyName" to your MVC.

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-6.0#apply-policies-to-razor-pages

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.RazorPages;

namespace AuthorizationPoliciesSample.Pages;

[Authorize(Policy = "AtLeast21")]
public class AtLeast21Model : PageModel { }

...

Because of this "string-matching-magic" I would create a single-source-of-truth class.

public static class MyPolicyNames { public static string AtLeast21PolcyName = "AtLeast21PolicyName"; }

and refer to this const in both places. And eliminate future "where are the magic-strings" scavenger hunts.

=============

So you are using a Policy, but your "policy rule" is to then check a Role.

Should you be just using Role?

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-6.0

I guess M$ says its "ok"

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-6.0#policy-based-role-checks

granadaCoder
  • 26,328
  • 10
  • 113
  • 146
  • The authorization works, it is locked down but I need to create a role and add my user to an admin role to see the page. – Zippy Mar 10 '22 at 21:29
  • https://stackoverflow.com/a/50572725/214977 – granadaCoder Mar 10 '22 at 21:31
  • This is why my PERSONAL naming rule is to put the word "To" in the mapping/linking table name. dbo.DepartmentToEmployeeLink tablename for example. they all starting running together after a while. – granadaCoder Mar 10 '22 at 21:33
  • https://stackoverflow.com/questions/42471866/how-to-create-roles-in-asp-net-core-and-assign-them-to-users Do you have code to add a user/role and user-to-role link anywhere? – granadaCoder Mar 10 '22 at 21:38
  • dosent look like it, figured that aspnet would handle internally. Or at least have a template CRUD page for User Management. I looked at the examples and they all seem to reference _roleManager and I have to clue what the context of this is. – Zippy Mar 10 '22 at 21:48
  • private readonly UserManager _userManager; private readonly RoleManager _rolesManager; Both ApplicationXXXX cant be found. – Zippy Mar 10 '22 at 21:54