The OAuth server issues role claims using different claim type from System.Security.Claims.ClaimTypes.Role:
var adminRole = new Claim("CustomRole", "Admin");
context.Ticket.Identity.AddClaim(adminRole);
How can I tell the OAuthBearerAuthentication middleware to use my custom role claim type so it gets the Authorize attribute to work:
//Startup
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions ...
[Authorize(Roles = "Admin")]
public IHttpActionResult SecureAction()
In OnValidateIdentity function of OAuthBearerAuthenticationProvider, we can rebind ClaimsIdentity with appropriate RolaClaimType and NameClaimType:
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
Provider = new OAuthBearerAuthenticationProvider
{
OnValidateIdentity = context =>
{
var claimsIdentity = new ClaimsIdentity(
context.Ticket.Identity.Claims,
OAuthDefaults.AuthenticationType,
CustomClaimTypes.Name,
CustomClaimTypes.Role);
context.Validated(claimsIdentity);
return Task.FromResult(0);
}
}
});