Code Monkey home page Code Monkey logo

blazorwasmauthorization's Introduction

BlazorWASMAuthorization

Introduction

This small project is about how to get the roles of a user which is authenticated via Azure Active Directory (AAD) and has a roles assigned in AAD.

If you have the role you can hide UI elements (e.g. menu entries or links) and deny calls to pages (e.g. Admin area)

If you create your project with the following command, authentication works fine against the AAD but every check regarding the role ( IsInRole or [Authorize(Roles="Admin")]) will fail.

The reason is how the roles claim is transfered to the client. The framework expects a string with a list of roles, but the client gets an array of strings

Getting started

To setup your Azure environment follow the instructions at the following link (Microsoft docs)

Secure an ASP.NET Core Blazor WebAssembly hosted app with Azure Active Directory

โš ๏ธ Don`t forget to check to the the API URL iin the client program.cs as mentioned in the docs

options.ProviderOptions.DefaultAccessTokenScopes.Add(
    "api://41451fa7-82d9-4673-8fa5-69eff5a761fd/API.Access");

Sometimes there is api://api://... if this is the case remove one "api://"

If the it's up and running you can use my nuget package or copy the code from this folder dnkh.AuthZ.WASM from this repo

Change the client code

Open the file program.cs in the client folder ( Blazor WASM project)

Add a using statement

using dnkh.AuthZ.WASM;

and replace the following code

    builder.Services.AddMsalAuthentication(options =>
    {
        builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
        options.ProviderOptions.DefaultAccessTokenScopes.Add("api://41451fa7-82d9-4673-8fa5-69eff5a761fd/API.Access");
     });

with this code

            builder.Services.AddMsalAuthentication<RemoteAuthenticationState, AuthZUserAccount>(options =>
            {
                builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
                options.ProviderOptions.DefaultAccessTokenScopes.Add("api://41451fa7-82d9-4673-8fa5-69eff5a761fd/API.Access");
                
                options.UserOptions.RoleClaim = "roles";

            }).AddAccountClaimsPrincipalFactory<RemoteAuthenticationState, AuthZUserAccount, AuthZUserAccountFactory>();

In my code example I moved the API Url into the appsettings.json file in the wwwroot folder.

blazorwasmauthorization's People

Contributors

dnkh avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.