Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Roles set via AAD not detected
See original GitHub issueI’ve configured DAB to use AAD. I can correctly authenticate but I cannot use the role I have defined in AAD - and that are present in my token - to access a protected entity.
This is part of my token:
"aud": "3b294ef8-c570-4c75-b77e-95fa92527a67",
"iss": "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0",
"name": "Davide Mauri",
"preferred_username": "damauri@microsoft.com",
"roles": [
"contributor"
],
"scp": "EndpointAccess",
"ver": "2.0"
this is how I have configured my dab-config.json file:
"authentication": {
"provider": "AzureAD",
"jwt": {
"audience": "3b294ef8-c570-4c75-b77e-95fa92527a67",
"issuer": "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0"
}
}
I was able to debug the code and I noticed that line 63 in .\src\Service\Authorization\ClientRoleHeaderAuthorizationMiddleware.cs
return httpContext.User.IsInRole(clientRoleHeaderValue);
always returns false. clientRoleHeaderValue correctly contains the role I specify in the X-MS-API-ROLE , but even if the value matches the one in the Claim (‘contributor’), false is returned anyway.
Issue Analytics
- State:
- Created a year ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
oct2022
@seantleonard, Is there documentation that explains to use short name like
rolesand not the URL value?