Why is ASP.NET Core Identity 2.0 Authorize filter causing me to get a 404?

悲&欢浪女 2021-01-13 10:56

I have a controller that I want to restrict only to a specific role, let's say admin. After setting a user with the admin role, I can validate tha

2 Answers
  •  北海茫月
    2021-01-13 11:24

    I think that what you need is to check claims, not roles. Add an AuthorizeAttribute such as:

    [Authorize(Policy = "AdminOnly")]
    

    And then configure a policy that requires a claim:

    services.AddAuthorization(options =>
    {
        options.AddPolicy("AdminOnly", policy =>
                          policy.RequireClaim(OpenIdConnectConstants.Claims.Role, "Admin"));
    });
    

    Or, for debugging purposes or more advanced validation, you could have:

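    services.AddAuthorization(options =>
    {
        options.AddPolicy("AdminOnly", policy =>
            policy.RequireAssertion(ctx =>
            {
                // Do your checks here, e.g. inspect ctx.User.Claims.
                // Returning true unconditionally authorizes every request, so keep this for debugging only.
                return true;
            }));
    });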
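
A stricter form of the answer's debugging assertion, as an added example that is not part of the original answer: it fails closed and logs the claims the principal actually carries, so a role stored under a different claim type than the policy names becomes visible. `AdminOnlyPolicy`, `IsAdmin`, the `log` callback and the sample principals are hypothetical names constructed for illustration; it assumes the `Microsoft.AspNetCore.Authorization` package and that the role arrives as either the short `role` claim or `ClaimTypes.Role`.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;

// Hypothetical helper (not from the original answer).
public static class AdminOnlyPolicy
{
    public const string Name = "AdminOnly";
    // Short OpenID Connect role claim name (assumption: what the token issuer emits).
    private const string ShortRoleClaim = "role";

    // Call from ConfigureServices: services.AddAuthorization(AdminOnlyPolicy.Register);
    public static void Register(AuthorizationOptions options) =>
        options.AddPolicy(Name, policy => policy
            .RequireAuthenticatedUser()
            .RequireAssertion(ctx => IsAdmin(ctx.User, Console.WriteLine)));

    // Fails closed: only an authenticated principal with an "Admin" role claim passes.
    public static bool IsAdmin(ClaimsPrincipal user, Action<string> log)
    {
        if (user?.Identity?.IsAuthenticated != true)
        {
            log("AdminOnly: denied, principal is not authenticated");
            return false;
        }
        // Debug only: claim values can be sensitive, so do not ship this logging.
        foreach (var c in user.Claims)
            log($"AdminOnly: claim {c.Type} = {c.Value}");

        bool admin = user.Claims.Any(c =>
            (c.Type == ShortRoleClaim || c.Type == ClaimTypes.Role) &&
            string.Equals(c.Value, "Admin", StringComparison.Ordinal));
        log(admin ? "AdminOnly: granted" : "AdminOnly: denied, no Admin role claim");
        return admin;
    }

    public static void Main()
    {
        // Constructed principals for illustration.
        var admin = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, "Admin") }, "TestAuth"));
        var plainUser = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ShortRoleClaim, "User") }, "TestAuth"));
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
        foreach (var p in new[] { admin, plainUser, anonymous })
            Console.WriteLine($"result: {IsAdmin(p, Console.WriteLine)}");
    }
}
```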
    
