I implemented a Web API 2 token-based authentication application using OWIN middleware; authentication succeeds, and I can get the token and use it to access the API web method.
However, when I tried to add role authorization, it did not work. I searched carefully and found that I needed to add the following to the "GrantResourceOwnerCredentials" method of the OAuth authorization provider:
identity.AddClaim(new Claim(ClaimTypes.Role, "the role that i need to add"));
The above line is all I could find; it is also in "WebAPI Authorization Roles oauth owin".
However, when I use a token to access any method (even one authorized with a different role), it still returns the results.
I mean, for example, an API controller that looks like the following:
[Authorize(Roles = "Admin")]
while in the "GrantResourceOwnerCredentials" method I only added the Employee role:
var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "Employee"));
In addition, the AspNetUserRoles table in Server Explorer, which contains the roles, is not updated.
What am I missing?
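For comparison, here is an added example (not code from the question) of the pieces that have to line up for role-based authorization to be enforced on a bearer token: a GrantResourceOwnerCredentials that builds the identity from the Identity store so the token carries the roles actually stored in AspNetUserRoles, the WebApiConfig lines that make Web API trust only the bearer token, and an ApiController decorated with the Web API Authorize attribute. It assumes the ApplicationUser and ApplicationUserManager types that the ASP.NET Web API template generates; the controller name and route are placeholders. Two checks worth making against the setup in the question: the [Authorize] on an ApiController must be System.Web.Http.AuthorizeAttribute, because the System.Web.Mvc one is ignored by Web API and leaves the action open to any valid token; and a claim added with AddClaim lives only inside the token and never writes to AspNetUserRoles, which is what the role manager call in the comments is for.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;                  // Web API's AuthorizeAttribute, not System.Web.Mvc
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;   // GetUserManager<T>() extension
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

// Added example, not the original poster's code. ApplicationUser and
// ApplicationUserManager are assumed to be the template-generated types.
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // Resource-owner password flow with a public client: no client secret is checked.
        context.Validated();
        return Task.FromResult<object>(null);
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
        ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
        if (user == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        // CreateIdentityAsync reads the user's roles from the store, so every row in
        // AspNetUserRoles for this user becomes a ClaimTypes.Role claim in the token.
        ClaimsIdentity oAuthIdentity =
            await userManager.CreateIdentityAsync(user, context.Options.AuthenticationType);

        // A hard-coded oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "Employee"))
        // only exists inside this token; it does not touch AspNetUserRoles.
        // To persist a role assignment (role must already exist in AspNetRoles):
        //   await userManager.AddToRoleAsync(user.Id, "Employee");

        var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
        context.Validated(ticket);
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Ignore any host (cookie) principal and authenticate only with the bearer token,
        // so the roles checked by [Authorize] are exactly the ones in the token.
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

        config.MapHttpAttributeRoutes();
    }
}

// With the using directives above this resolves to System.Web.Http.AuthorizeAttribute.
// A token whose identity carries only an "Employee" role claim gets 401 here.
[Authorize(Roles = "Admin")]
[RoutePrefix("api/admin")]
public class AdminController : ApiController
{
    [HttpGet, Route("")]
    public IHttpActionResult Get()
    {
        return Ok(new { message = "admin only" });
    }
}
```

The quickest way to confirm which attribute is in play is to hover over Authorize in the controller and check that the tooltip says System.Web.Http.AuthorizeAttribute; if the controller file has `using System.Web.Mvc;` and no `using System.Web.Http;`, the attribute compiles but is never evaluated for API requests.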