JonPSmith / AuthPermissions.AspNetCore

This library provides extra authorization and multi-tenant features to an ASP.NET Core application.

Home Page: https://www.thereformedprogrammer.net/finally-a-library-that-improves-role-authorization-in-asp-net-core/


API using AuthP and AzureAd Token

Luis-G opened this issue · comments

commented

Hello.

I hope I can properly explain the issue I am having.

I am currently working on a project (.NET 7), and I am using Azure AD for the first time and your library also for the first time.
One of the requirements is the usage of MariaDB.
That was the easy part thanks to the flexibility of your library, at least the creation of the db and the tables.
AddRolesPermissionsIfEmpty
AddTenantsIfEmpty
AddAuthUsersIfEmpty
all work.

The issue is that I keep getting a 403 in Postman, and the console shows:
Authorization failed. These requirements were not met:
AuthPermissions.AspNetCore.PolicyCode.PermissionRequirement
[14:23:33 INF] AuthenticationScheme: Bearer was forbidden.
when I try [HasPermission], but [Authorize] works OK.

I tried following your Example 5, but in my case I use
AddMicrosoftIdentityWebApiAuthentication;
if I use AddMicrosoftIdentityWebAppAuthentication, Postman returns an HTML page.

I tried using
// RegisterAuthPermissions and RegisterAuthenticationProviderReader take type
// arguments in AuthP (the application's permission enum and the
// ISyncAuthenticationUsers implementation); they are omitted in this extract.
webBuilder.Services
    .RegisterAuthPermissions(opt =>
    {
        opt.TenantType = TenantTypes.SingleLevel;
    })
    // Hook AuthP into the "Bearer" scheme that Microsoft.Identity.Web registers
    .AzureAdAuthentication(AzureAdEventSettings.AzureAdDefaultSettings(JwtBearerDefaults.AuthenticationScheme))
    .UsingEfCoreMariaDb("connection")
    // Seed roles/permissions, tenants and users only when the tables are empty
    .AddRolesPermissionsIfEmpty(ApiAuthSetupData.RolesDefinition)
    .AddTenantsIfEmpty(ApiAuthSetupData.TenantDefinition)
    .AddAuthUsersIfEmpty(ApiAuthSetupData.UsersRolesDefinition)
    .RegisterAuthenticationProviderReader()
    .SetupAspNetCoreAndDatabase();

and

webBuilder.Services
    .RegisterAuthPermissions(opt =>
    {
        opt.TenantType = TenantTypes.SingleLevel;
        // Settings for AuthP's own JWT builder (the tokens AuthP issues itself);
        // they do not affect tokens issued by Azure AD and validated by
        // Microsoft.Identity.Web.
        opt.ConfigureAuthPJwtToken = new AuthPJwtConfiguration
        {
            Issuer = jwtData.Issuer,
            Audience = jwtData.Audience,
            SigningKey = jwtData.SigningKey,
            TokenExpires = new TimeSpan(0, 5, 0),          // Quick token expiration because we use a refresh token
            RefreshTokenExpires = new TimeSpan(1, 0, 0, 0) // Refresh token is valid for one day
        };
    })
    .AzureAdAuthentication(AzureAdEventSettings.AzureAdDefaultSettings(JwtBearerDefaults.AuthenticationScheme))
    .UsingEfCoreMariaDb("connection")
    .AddRolesPermissionsIfEmpty(ApiAuthSetupData.RolesDefinition)
    .AddTenantsIfEmpty(ApiAuthSetupData.TenantDefinition)
    .AddAuthUsersIfEmpty(ApiAuthSetupData.UsersRolesDefinition)
    .RegisterAuthenticationProviderReader()
    .SetupAspNetCoreAndDatabase();

Not sure what I am missing; I hope you can point me in the right direction.

Thank you.

commented

Hi.
Just to let you know that I managed to get it working.
I had to override SetupOpenAzureAdOpenId.
Thank you anyway.
Keep up the good work.
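The log lines quoted in the first comment show what is going on: the Bearer scheme authenticated the Azure AD token, so [Authorize] passes, but AuthP's PermissionRequirement failed because AuthP checks a permissions claim that it computes from its own database, and a token issued by Azure AD never carries that claim. The following is an added example, not code from this thread or from AuthPermissions.AspNetCore, of doing by hand what the library's Azure AD event hook does: chaining onto the OnTokenValidated event of the JwtBearer scheme that AddMicrosoftIdentityWebApiAuthentication registers, asking AuthP's IClaimsCalculator for the user's claims and adding them to the principal. Assumptions: IClaimsCalculator.GetClaimsForAuthUserAsync and its namespace are as I know them from the 4.x library; the Azure AD object id (oid) claim is what was stored as the AuthUser UserId; the rest of the AuthP registration (RegisterAuthPermissions, UsingEfCore..., SetupAspNetCoreAndDatabase) is done elsewhere as in the thread.

```csharp
// Added example (not from the thread or the AuthP project): add AuthP's claims to an
// Azure AD bearer principal so that [HasPermission] can find the permissions claim.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using AuthPermissions.BaseCode.PermissionsCode; // IClaimsCalculator; namespace assumed for AuthP 4.x

var builder = WebApplication.CreateBuilder(args);

// Validates Azure AD bearer tokens under the "Bearer" scheme (Microsoft.Identity.Web).
builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration);

// Configure the same JwtBearer scheme again so we can chain onto its events
// without discarding the handlers Microsoft.Identity.Web already installed.
builder.Services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
{
    options.Events ??= new JwtBearerEvents();
    var existingOnTokenValidated = options.Events.OnTokenValidated;

    options.Events.OnTokenValidated = async ctx =>
    {
        if (existingOnTokenValidated != null)
            await existingOnTokenValidated(ctx);

        // Azure AD identifies the user by the object id ("oid") claim, which the
        // handler may expose under its mapped long-form name. Using it as the
        // AuthUser UserId is an assumption about how the users were created.
        var userId = ctx.Principal?.FindFirstValue("http://schemas.microsoft.com/identity/claims/objectidentifier")
                     ?? ctx.Principal?.FindFirstValue("oid");
        if (string.IsNullOrEmpty(userId))
            return; // no usable id: the principal stays authenticated but has no permissions

        // Ask AuthP for this user's claims (packed permissions, tenant data key, ...).
        // AuthP registers IClaimsCalculator as a scoped service, so resolve it from
        // the request's scope.
        var claimsCalculator = ctx.HttpContext.RequestServices.GetRequiredService<IClaimsCalculator>();
        var authPClaims = await claimsCalculator.GetClaimsForAuthUserAsync(userId);

        if (ctx.Principal?.Identity is ClaimsIdentity identity)
            identity.AddClaims(authPClaims);
    };
});

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// A request with a valid Azure AD token but no matching AuthUser row still gets
// 403 on [HasPermission] endpoints: AuthP's database, not the token, is the source
// of truth for permissions, so check that an AuthUser exists with that UserId.
app.Run();
```

Two things to check when this still returns 403: that the value you stored as the AuthUser's UserId is the same claim you read here (the object id and the user principal name are different values), and that the JwtBearer scheme name you configure is the one Microsoft.Identity.Web registered, since a handler attached to a different scheme never runs.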