I have an .net core 2.2 api which generates (on a successful login) a JWT token which contains a claims identity that passes along information such as the username, permissions and roles of the authenticated user.
In my .net core 2.2. web app I have a login mechanism which retrieves the JWT token via the user of a controller.
My question is.
How can I expand the token from within my login controller and set up my web app to include the use of the authentication mechanisms like User.Identity.IsAuthenticated
, User.IsInRole("Admin")
and controller actions like [Authorize]
and [Authorize(Roles="Admin")]
I've been directed towards looking at the source code behind external authentication providers such as facebook/google but to no avail.
Thanks in advance.
First step is to use
cookie authentication
inStartup.cs
:In the
Configure
method, use theUseAuthentication
method to invoke the Authentication Middleware that sets the HttpContext.User property. Call the UseAuthentication method before callingUseMvcWithDefaultRoute
orUseMvc
:Then in your auth controller , after getting token and decode to get the claims , you should create new
ClaimsIdentity
, add your claims and sign-in user :After that , you can use
User.Identity.IsAuthenticated
,User.IsInRole("Admin")
and[Authorize(Roles="Admin")]
: