Claim not present in .Net
-
Hi folks,
After FusionAuth login, I don't have role claims in the .Net Identity. I use the .Net+React POC found here
https://github.com/FusionAuth/fusionauth-example-asp-net5-react
This problem is similar to this post
https://fusionauth.io/community/forum/topic/1485/role-claims-issue-with-openidconnect-netcore5
However, not exactly the same: I use both .Net and React, no razor pages. The solution of the post above doesn't work because AddOpenIdConnect ... OnMessageReceived is never called. Not sure it's normal.
As I see things in the .Net+React POC, they handle everything in the Session, they don't get anything special in HttpContext.User.Identity, is it normal?
Does it mean we can't have Role Claims when using a .Net + React solution? I would expect the JWT token to convert into a proper .Net Identity.
If anyone can get Role Claims in the .Net+React POC, please tell how
-
Thanks for the information.
I might need a bit more context, but it sounds like you are looking to store user identity information outside of a session.
These two articles may be of initial interest, based on a Google search.
- https://andrewhalil.com/2020/09/14/role-retrieval-from-jwt-token-claims-in-net-core-applications/
- https://andrewhalil.com/2022/08/09/how-to-retrieve-user-context-from-jwt-bearer-tokens-in-net-core/
Let us know and we may be able to debug this a little bit further.
Thanks,
Josh
-
@joshua said in Claim not present in .Net:
I might need a bit more context, but it sounds like you are looking to store user identity information outside of a session.
Indeed, the default .Net way to handle authentication and roles is of course not keeping user info (data from JWT token) in Session (ISession interface). .Net uses Identity and Claims for those sensitive data. This is where information from the JWT token should normally be stored. But looking at the POC on GitHub, it looks like you guys store this in Session, nothing in Identity and Claims. Am I wrong?
-
@lionel-selosse I am not very familiar with dot net as a language; I would have to review that particular example application.
We are always open to feedback on our documentation and example applications. There may also be an opportunity to develop an alternative example application making use of other dot net security paradigms/workflows.
I will check in with the team and let you know if anything else surfaces to relay on.
Thanks,
Josh
-
Ok thanks @joshua for your honest response. There is no shame to be new to .Net, it became so different to Java and other technos around. For sure let me know in case something new pops up.
-
I have the exact same problem. I have a Net6 Web Api project with swagger client configured. I have no claims.
I have AddJwtBearer with these settings
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = fusionAuthAuthority;
            options.Audience = fusionAuthAudience;
            options.RequireHttpsMetadata = false; // DEV only!!
        });

and swagger client configured this way

    services.AddSwaggerGen(c =>
    {
        c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
        {
            Type = SecuritySchemeType.OAuth2,
            Flows = new OpenApiOAuthFlows
            {
                AuthorizationCode = new OpenApiOAuthFlow
                {
                    AuthorizationUrl = new Uri($"{fusionAuthAuthority}oauth2/authorize?audience={fusionAuthAudience}", UriKind.Absolute),
                    TokenUrl = new Uri($"{fusionAuthAuthority}oauth2/token", UriKind.Absolute),
                    Scopes = new Dictionary<string, string>() { }
                }
            }
        });
        c.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }
                },
                Array.Empty<string>()
            }
        });
        c.ExampleFilters();
        c.DocumentFilter<OrderTagsDocumentFilter>();
    });

Any updates on this issue or hints?
Thanks
Manlio
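
One way to see what the JWT bearer middleware actually places on HttpContext.User, and to have .Net role checks read a `roles` claim, shown as an added example that is not code from this thread or from the FusionAuth sample application. It assumes the access token carries its roles in a claim named `roles`; the `FusionAuth:Authority` and `FusionAuth:Audience` configuration keys and the `admin` role name are hypothetical.

```csharp
// Added example. .NET 6 web project (implicit usings) with the
// Microsoft.AspNetCore.Authentication.JwtBearer package referenced.
// Assumptions: roles arrive in a "roles" claim; the "FusionAuth:*" config keys
// and the "admin" role name are hypothetical.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = builder.Configuration["FusionAuth:Authority"];
        options.Audience = builder.Configuration["FusionAuth:Audience"];
        // Keep the token's own claim names instead of remapping them to the
        // long schema-URI claim types, so "roles" stays "roles".
        options.MapInboundClaims = false;
        // IsInRole() and [Authorize(Roles = ...)] look at this claim type.
        options.TokenValidationParameters.RoleClaimType = "roles";
        options.TokenValidationParameters.NameClaimType = "sub";
        options.Events = new JwtBearerEvents
        {
            // A rejected token leaves the user anonymous with no claims at all,
            // so log why it was rejected (audience, issuer, expiry, signing key).
            OnAuthenticationFailed = ctx =>
            {
                ctx.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("JwtBearer")
                    .LogWarning(ctx.Exception, "Bearer token rejected");
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication(); // must be registered before UseAuthorization
app.UseAuthorization();

// Diagnostic endpoint: returns the claims the middleware put on the identity.
app.MapGet("/whoami", (ClaimsPrincipal user) => new
{
    authenticated = user.Identity?.IsAuthenticated ?? false,
    roles = user.FindAll("roles").Select(c => c.Value),
    isAdmin = user.IsInRole("admin"),
    claims = user.Claims.Select(c => new { c.Type, c.Value })
}).RequireAuthorization();

app.Run();
```

A 401 from `/whoami` together with the logged warning points at token validation rather than claim mapping; a 200 with an empty `roles` list means the token itself carries no `roles` claim.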