asp.net core - In JWT Authorization, check if user has role Admin -


i working on .net core api, , inside controller, have following code:

if (user.identity.isauthenticated) {     var username = httpcontext.user.findfirstvalue(claimtypes.nameidentifier);     var user = await _usermanager.findbynameasync(username);     artistcarddtocollection = _artistsservice.getallartists(user.id, user.isinrole("admin")); }

the code above because wish pass user.id (if logged in) , isadmin flag getallartists method.

the code above failing on user.isinrole("admin"). false when know 100% user in question admin. i've double checked database via sql management studio.

this makes me think 1 can't use user.isinrole() when working jwt. if case, correct way? thanks

probably caching issue user.isinrole(), if check documentation find:

isinrole first checks isrolelistcached property determine whether cached list of role names current user available. if isrolelistcached property true, cached list checked specified role. if isinrole method finds specified role in cached list, returns true. if isinrole not find specified role, calls getrolesforuser method of default provider instance determine whether user name associated role data source configured applicationname value.

in case can try use getrolesasync below:

var user = await _usermanager.findbynameasync(username); var roles = await _usermanager.getrolesasync(user); artistcarddtocollection = _artistsservice.getallartists(user.id, roles.contains("admin"));

Comments

Post a Comment

Popular posts from this blog

PHP and MySQL WP -

i trying accomplish 2 things here code. writing php directly wp page using insert php plugin. 1) query mysql database , return results 1 column 4 columns. 2) make each result own hyperlink directs user new wp page runs new query on page. i able query show results , turn results dynamic hyperlink, cannot formatting down. right returns result 1 column. here have: [insert_php] $servername = "localhost"; $username = "login"; //edited privacy $password = "password"; //edited privacy $database = "database"; //edited privacy // create connection $conn = new mysqli($servername, $username, $password, $database); // check connection if ($conn->connect_error) { die("connection failed: " . $conn->connect_error); } echo "connected successfully"; //get results database $result = mysqli_query($conn,"select mine mines order mine"); $all_property = array(); //declare array saving property //showing proper...
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m...
Read more

go - golang pprof for c library code -

i have been trying profile golang application pprof, seems details of c code(linked static library) missed in output result. flame graph from frame graph can see c code time consuming reported within "runtime._externalcode", no details @ all. , sure static library compiled debug enable. so there way make pprof details(like stack trace) of 3rd party c code? or there other golang profiling tool this?
Read more