Error 403 on Admin API Request #203
Comments
Thank you for your message, I will check it - it is strange that you are not able to access the API when your user has the correct admin role.
Yes, I have this problem even in the cloned project without touching anything.
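I also experienced the same problem.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Http;

public class ICHAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
    public Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        var user = context?.User;
        if (user != null)
        {
            // Any authenticated user is passed through; authorizeResult is not consulted.
            if (user.Identity.IsAuthenticated)
            {
                return next(context);
            }
        }
        // Unauthenticated requests are rejected with 403.
        context.Response.StatusCode = StatusCodes.Status403Forbidden;
        return Task.CompletedTask;
    }
}
```

I don't believe this is a complete solution.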
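
An added example, not code from this thread or from the project: the handler in the comment above forwards every authenticated request without looking at `authorizeResult`, so the admin-role requirement is no longer enforced. The handler below (hypothetical class name `ClaimLoggingAuthorizationResultHandler`) keeps the framework's default decision and only logs, on a denied policy, which claim types the API actually received and which requirements failed, which is one way to check the missing `role` claim described in the issue.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Hypothetical name. Register it (assumption: standard DI registration) with:
// services.AddSingleton<IAuthorizationMiddlewareResultHandler, ClaimLoggingAuthorizationResultHandler>();
public class ClaimLoggingAuthorizationResultHandler : IAuthorizationMiddlewareResultHandler
{
    // The framework's built-in handler: challenge, forbid, or call next on success.
    private readonly AuthorizationMiddlewareResultHandler _defaultHandler = new();
    private readonly ILogger<ClaimLoggingAuthorizationResultHandler> _logger;

    public ClaimLoggingAuthorizationResultHandler(
        ILogger<ClaimLoggingAuthorizationResultHandler> logger) => _logger = logger;

    public Task HandleAsync(RequestDelegate next, HttpContext context,
        AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        if (authorizeResult.Forbidden)
        {
            // Log claim types only, never claim values, to keep tokens' contents out of logs.
            var claimTypes = context.User.Claims.Select(c => c.Type).Distinct();
            _logger.LogWarning(
                "Policy denied {Path}. Claim types on principal: {ClaimTypes}",
                context.Request.Path, string.Join(", ", claimTypes));

            // AuthorizationFailure can be null, so fall back to an empty list.
            var failed = authorizeResult.AuthorizationFailure?.FailedRequirements
                ?? Enumerable.Empty<IAuthorizationRequirement>();
            foreach (var requirement in failed)
            {
                _logger.LogWarning("Failed requirement: {Requirement}", requirement);
            }
        }

        // The policy decision is unchanged: the request proceeds only if it succeeded.
        return _defaultHandler.HandleAsync(next, context, policy, authorizeResult);
    }
}
```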
Hi guys, sorry for the delay, I will check it soon.
Please try to use the following code in the
Check this commit: a437685
Hey @skoruba - your fix solves the issue. Thank you!!!
Thank you @vpetkovic for the feedback.
Describe the bug
When I send a request to an admin API (`Policy = AuthorizationConsts.AdministrationPolicy` attribute) I get Error 403 Unauthorized, even though the user has the admin role and the scope is the one defined for OidcApiName. Actually, it shouldn't be required to add the role claim for the client as it is already defined for the scope. This means that I can't use the admin API swagger in the cloned project even with the default settings.
To Reproduce
Send a request to the admin API with an admin role user. (like admin user in Admin API swagger)
.Net SDK version: 8.0.101
I tried to find the problem and added a role claim with the admin role value defined in appsettings.json, but to no avail. I also verified the token for the claim and it was present, but for some reason when I reviewed the claims using `HttpContext.User.Claims` there was no `role` claim among the claims. So far my only solution is to comment out the following in the admin API StartupHelper.cs:
Is there something that I did wrong or is it a bug?