User.IsInRole always returns false in View or code using Policy based Authorization

Caesar Tex

I'm working on an ASP.NET Core MVC app with Windows authentication. I defined a policy based authorization role in Startup.cs using the code below.

services.AddAuthorization(options => {
     options.AddPolicy("Main", policy => policy.RequireRole(Configuration["APP:ADGroup"]));
});

This works fine as long as I use the Authorize attribute on a controller method, but if I try to use User.IsInRole("Main") in code then it fails and always returns false, whether in code or view.

I essentially want to write a simple if statement in the view that shows a link depending on the user's role. E.g.

@if (User.IsInRole("Main"))
{
    <h1 class="display-4">Welcome Main</h1>
}
else
{
    <h1 class="display-4">Welcome Others</h1>
}

It always returns Others...

If I use

@if (User.IsInRole("AdGroupname"))
{
    // do something
}

then it works.

I guess the question is how do I get it to work with just the policy name instead of the entire AD group name?

JCH

Check this MS docs link. It describes policy based authorization using IAuthorizationService.

@using Microsoft.AspNetCore.Authorization
@inject IAuthorizationService AuthorizationService

@if ((await AuthorizationService.AuthorizeAsync(User, "PolicyName")).Succeeded)
{
    <p>This paragraph is displayed because you fulfilled PolicyName.</p>
}

Note the warning at the bottom of the docs page about using this method:

Warning

Don't rely on toggling visibility of your app's UI elements as the sole authorization check. Hiding a UI element may not completely prevent access to its associated controller action. For example, consider the button in the preceding code snippet. A user can invoke the Edit action method if he or she knows the relative resource URL is /Document/Edit/1. For this reason, the Edit action method should perform its own authorization check.
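
The difference between the two checks discussed above, as an added example that is not code from the question, the answer or the Microsoft docs: `IsInRole` only compares its argument against the principal's role claims, while the policy name "Main" is resolved by `IAuthorizationService`. The group names, user names and the `ClaimsPrincipal` built by hand (standing in for the Windows principal) are constructed for illustration.

```csharp
// Console app. Assumes the Microsoft.AspNetCore.Authorization,
// Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Logging packages.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class PolicyVersusRoleDemo
{
    // Constructed stand-in for Configuration["APP:ADGroup"].
    private const string AdGroup = @"CONTOSO\AppMainUsers";

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // the default authorization service takes an ILogger
        services.AddAuthorizationCore(options =>
            options.AddPolicy("Main", policy => policy.RequireRole(AdGroup)));
        using var provider = services.BuildServiceProvider();
        var authz = provider.GetRequiredService<IAuthorizationService>();

        var users = new[]
        {
            BuildUser("alice", AdGroup),                   // member of the configured group
            BuildUser("bob", @"CONTOSO\SomeOtherGroup"),   // not a member
        };

        foreach (var user in users)
        {
            // "Main" is a policy name, not a role claim, so this is false for everyone.
            bool roleNamedMain = user.IsInRole("Main");
            // The group name is a role claim, so this matches for members.
            bool roleIsGroup = user.IsInRole(AdGroup);
            // The policy is evaluated by name through the authorization service.
            bool policyMain = (await authz.AuthorizeAsync(user, "Main")).Succeeded;

            Console.WriteLine($"{user.Identity?.Name}: IsInRole(\"Main\")={roleNamedMain}, " +
                              $"IsInRole(group)={roleIsGroup}, policy \"Main\"={policyMain}");
        }
    }

    // Builds an authenticated principal whose role claims are the given group names.
    private static ClaimsPrincipal BuildUser(string name, params string[] groups)
    {
        var identity = new ClaimsIdentity("ConstructedAuth");
        identity.AddClaim(new Claim(ClaimTypes.Name, name));
        foreach (var g in groups) identity.AddClaim(new Claim(ClaimTypes.Role, g));
        return new ClaimsPrincipal(identity);
    }
}
```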
