
AnderssonJohan-4597 asked AnderssonJohan-4597 answered

Using BlazorServer Core 6 with single sign on from Company AD, how do I use that to authenticate/authorize with local SQL DB for roles/policies

So, a Blazor Server app on Core 6.
Using AD as single sign-on via IIS to the app, it gets the context.identity.user.name correct, with domain/sAMAccountName set as the string.

But it's only valid within the [AuthorizeView][Authorized]

I also have a lot of roles defined, with corresponding AD connections, in a local Identity system which I can query via OData or SQL.

How do I keep track of the user in the @code field? Do I [Authorize] there too, or? I don't see any examples of that.
Or do I need to create local identities from those contexts?

I would like to use the roles that are defined, with members, from my Identity system to authorize the authenticated users to my various places in the Blazor pages and code.

But frankly, I don't understand how I would make that happen with this setup?

Tags: sql-server-transact-sql, windows-server-security, dotnet-aspnet-core-blazor

Hi @AnderssonJohan-4597,

From the ASP.NET Core Blazor authentication and authorization document, we can see that, for role-based authorization, we can use the Roles parameter or the Policy parameter to handle it. Like this:

 @attribute [Authorize(Roles = "admin, superuser")]
 @attribute [Authorize(Policy = "content-editor")]

Besides, if the app is required to check authorization rules as part of procedural logic, use a cascaded parameter of type Task<AuthenticationState> to obtain the user's ClaimsPrincipal.
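
One way to connect the pieces discussed here without building a user store in the app: an IClaimsTransformation that adds role claims from the local store to the Windows-authenticated principal, so that [Authorize(Roles = ...)], AuthorizeView and the cascaded AuthenticationState all see them. This is an added example, not code from the thread; IRoleLookup, InMemoryRoleLookup, the marker claim type and the CORP\ accounts are hypothetical or constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Hypothetical abstraction over the local identity store (SQL or OData).
public interface IRoleLookup
{
    Task<IReadOnlyCollection<string>> GetRolesAsync(string account);
}

// Constructed stand-in data; replace with a parameterized query against the real store.
public sealed class InMemoryRoleLookup : IRoleLookup
{
    private static readonly Dictionary<string, string[]> Roles = new(StringComparer.OrdinalIgnoreCase)
    {
        [@"CORP\jdoe"] = new[] { "admin" },       // constructed sample accounts
        [@"CORP\asmith"] = new[] { "superuser" },
    };
    public Task<IReadOnlyCollection<string>> GetRolesAsync(string account) =>
        Task.FromResult<IReadOnlyCollection<string>>(
            Roles.TryGetValue(account, out var roles) ? roles : Array.Empty<string>());
}

public sealed class LocalRoleClaimsTransformation : IClaimsTransformation
{
    private const string Marker = "urn:example:local-roles-loaded"; // hypothetical claim type
    private readonly IRoleLookup _lookup;
    public LocalRoleClaimsTransformation(IRoleLookup lookup) => _lookup = lookup;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Enrich authenticated users only, and only once: TransformAsync can run repeatedly.
        var name = principal.Identity?.Name;
        if (principal.Identity?.IsAuthenticated != true || string.IsNullOrEmpty(name)
            || principal.HasClaim(c => c.Type == Marker))
            return principal;

        // Look up by the full DOMAIN\account string so equal account names in
        // different domains never share roles. Unknown users get no role claims.
        var local = new ClaimsIdentity(); // default role claim type is ClaimTypes.Role
        local.AddClaim(new Claim(Marker, "1"));
        foreach (var role in await _lookup.GetRolesAsync(name))
            local.AddClaim(new Claim(ClaimTypes.Role, role));
        principal.AddIdentity(local);
        return principal;
    }
}
// Program.cs: builder.Services.AddScoped<IRoleLookup, InMemoryRoleLookup>();
//             builder.Services.AddScoped<IClaimsTransformation, LocalRoleClaimsTransformation>();
```

Claims transformation runs when the request is authenticated, and Blazor Server takes the user from that request when the circuit starts, so a role change in the store shows up on the user's next connection.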


1 Answer

AnderssonJohan-4597 answered

Ok,
I apparently have a lot more reading to do...
Yes, I understand how the roles/policies are used once you have them defined.

I will check to see if I can find examples on how to use the AuthenticationState to catch the user principal and when.

Almost all the examples I can find seem to build their own userstore/roles in the application, which is not what I want, unless it is a must.

I will read that document again and see if it enlightens me on the subject.
