问题
Any idea what might be causing this? I can see the claims in User.Claims The only thing I can think of is that the claims from Azure Ad Roles come back differently than what IsInRole() checks for?
CorpAdmin Role showing in claims.
User.IsInRole returns false
[Startup.Auth][3]
Just to clarify, I AM getting roles back but I think they are not being added to the list of claims correctly and I cannot figure out why. Nerith IsInRole or [Authorize(Roles="...")] will correctly check the roles claims.
回答1:
Anyone of these changes worked for me:
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false,
RoleClaimType = System.Security.Claims.ClaimTypes.Role
},
or
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false,
RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
},
回答2:
You need to specify the name of the claims type that contains the roles. Like this:
TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
RoleClaimType = "roles"
},
回答3:
If you are having the same issue as I was, I created a custom AuthorizeAttribute class and I forget to override the AuthorizeCore function. Adding the code below resolved the issue for me.
//Core authentication, called before each action
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return base.AuthorizeCore(httpContext);
}
回答4:
Add Validate Issuer= false;
TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
NameClaimType = "name",
RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
}
来源:https://stackoverflow.com/questions/36487458/azure-ad-returning-roles-in-claims-but-user-isinrole-returns-false