Claims Saving to custom field

  • Question

  • User-183185495 posted

    OK, so I managed to get my claims' extra fields into the AspnetUserClaims table. My question is: how do I save against those fields when I am doing the following?

     await userManager.AddClaimAsync(defaultUser, new Claim("Permission","Create"));                
     await userManager.AddClaimAsync(defaultUser, new Claim("Permission","Read"));
     await userManager.AddClaimAsync(defaultUser, new Claim("Permission", "Updated"));                
     await userManager.AddClaimAsync(defaultUser, new Claim("Permission", "Delete"));
    

    I thought I should be able to just do this, but it doesn't allow me to:

    await userManager.AddClaimAsync(defaultUser, new Claim("Permission","Create","ControllerName", "AreaName"));                

    But of course claim knows nothing about my backing fields?

    This is how I am creating the extra fields, and why does it also create the extra discriminator field I didn't ask it to?

    public class AspNetUserClaims : IdentityUserClaim<string>
    {
        public string? Controller { get; set; }
        public string? Area { get; set; }
        public string? Action { get; set; }
        public bool? isActive { get; set; }
        public string? Name { get; set; }
    }

    Friday, May 14, 2021 8:16 PM

All replies

  • User475983607 posted

    It looks like you used inheritance.  Create a new derived class not the base class.  The base class knows nothing about the Controller and Area fields. 

    Friday, May 14, 2021 8:45 PM
  • User-183185495 posted

    Create a new derived class not the base class.

    Sorry, what do you mean?

    Friday, May 14, 2021 8:46 PM
  • User475983607 posted

    Frankly, I would use the controller or area/controller as the type.  Then you can look up the value from the route.  

    Friday, May 14, 2021 8:51 PM
  • User-183185495 posted

    I suppose I could just parse it, like using a - or something?

    Frankly, I would use the controller or area/controller as the key.

    Friday, May 14, 2021 8:52 PM
  • User-183185495 posted

    I still need the is active field, as I am wanting to give the user some kind of management screen for the permissions.

    Frankly, I would use the controller or area/controller as the type.  Then you can look up the value from the route.  

    Friday, May 14, 2021 8:53 PM
  • User475983607 posted

    I suppose I could just parse it, like using a - or something?

    I don't know how your application works but it seems like you want granular control over HTTP methods.  I would use the URL (route) and HTTP verbs as the value.

    Friday, May 14, 2021 8:55 PM
  • User475983607 posted

    I still need the is active field, as I am wanting to give the user some kind of management screen for the permissions.

    I do not understand the requirement or how it relates to a permissions screen?  Either the user has a claim (active) or does not have the claim (not active).  

    I think it is important to mention this design has the potential to reach the authentication cookie maximum size.  A better approach might be a separate table to hold the authorization data.  Cache the user's authorization data during login.

    Friday, May 14, 2021 9:46 PM
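
The separate-table approach suggested in the last reply, combined with the earlier suggestion to key permissions on route and HTTP verb, shown as an added example (not code from any participant in this thread). `IPermissionStore`, `RoutePermissionRequirement`, `RoutePermissionHandler`, the `area/controller:verb` key format and the five-minute cache lifetime are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Caching.Memory;

// Hypothetical store backed by a separate permissions table (not AspNetUserClaims).
// Returns only the user's active grants as lower-case "area/controller:verb" strings.
public interface IPermissionStore
{
    Task<HashSet<string>> GetActiveGrantsAsync(string userId);
}

public sealed class RoutePermissionRequirement : IAuthorizationRequirement { }

public sealed class RoutePermissionHandler : AuthorizationHandler<RoutePermissionRequirement>
{
    private readonly IPermissionStore _store;
    private readonly IMemoryCache _cache;
    private readonly IHttpContextAccessor _http;

    public RoutePermissionHandler(IPermissionStore store, IMemoryCache cache, IHttpContextAccessor http)
        => (_store, _cache, _http) = (store, cache, http);

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, RoutePermissionRequirement requirement)
    {
        var userId = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
        var http = _http.HttpContext;
        if (userId is null || http is null) return;   // never calling Succeed means denied

        // Grants live in a server-side cache, so the cookie carries only the user id.
        var grants = await _cache.GetOrCreateAsync("perm:" + userId, entry =>
        {
            // Upper bound on how long a revoked permission stays usable.
            entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5);
            return _store.GetActiveGrantsAsync(userId);
        });

        // Build the lookup key from the matched route and the HTTP verb.
        var area = http.GetRouteValue("area") as string ?? "";
        var controller = http.GetRouteValue("controller") as string ?? "";
        var key = $"{area}/{controller}:{http.Request.Method}".ToLowerInvariant();

        if (grants.Contains(key)) context.Succeed(requirement);
    }
}
```

Register it with `AddHttpContextAccessor()`, `AddMemoryCache()` and `AddScoped<IAuthorizationHandler, RoutePermissionHandler>()`, and attach the requirement to a policy. When the management screen changes a user's permissions, remove that user's `perm:` cache entry so the change takes effect before the expiry.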