Adding more claims to JWT obtained externally (ASP.NET)

So at work I was given the task of designing a database API. Now a security assessment has stated that the system must use authentication and authorization.

On top of that, authentication happens through their NetScaler, which forces the user to log in with company credentials and in turn gives the user a token. This token will then be sent to my API in the header of each request.

Now here comes the issue. The token only contains a username. I, however, want to do a

[Authorize(Roles = "Admin")]

check on my controllers. Now, as the user has already been authenticated with his password and username, I know that he is a valid user; however, I would like to assign a role to him.

Now I'm open to suggestions on how to do this, but the simplest way of fixing this that I could think of was to query my DB for the user's role at each request and add it to the token claims.

However, I don't know how to do this, and I also have no idea if this is a good solution. I would appreciate any help with adding the claims (in code) or another solution (code would also be much appreciated).

Thank you!
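
The per-request role lookup described in the question, as an added example that is not part of the original post. It assumes ASP.NET Core with a JWT bearer handler that has already validated the token and mapped the username to `Identity.Name`; `IRoleStore`, `DbRoleClaimsTransformation`, `MyDbRoleStore` and the marker claim type are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Hypothetical abstraction over the role table; back it with your own DB query.
public interface IRoleStore
{
    Task<IReadOnlyList<string>> GetRolesAsync(string userName);
}

// Invoked by the framework after the token has been validated.
public sealed class DbRoleClaimsTransformation : IClaimsTransformation
{
    // Constructed claim type, used only to mark that roles were already loaded.
    private const string MarkerType = "urn:example:roles-loaded";
    private readonly IRoleStore _roles;

    public DbRoleClaimsTransformation(IRoleStore roles) => _roles = roles;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Never attach roles to a caller whose token did not validate.
        var identity = principal.Identity;
        if (identity is null || !identity.IsAuthenticated) return principal;

        // TransformAsync can run more than once for a request; stay idempotent.
        if (principal.HasClaim(c => c.Type == MarkerType)) return principal;

        var userName = identity.Name;
        if (string.IsNullOrEmpty(userName)) return principal;

        // Roles live in a separate identity; the signed token is not modified.
        var roleIdentity = new ClaimsIdentity("DbRoles", ClaimTypes.Name, ClaimTypes.Role);
        roleIdentity.AddClaim(new Claim(MarkerType, "true"));
        foreach (var role in await _roles.GetRolesAsync(userName))
            roleIdentity.AddClaim(new Claim(ClaimTypes.Role, role));

        // Clone so the principal built by the JWT handler is left untouched.
        var result = principal.Clone();
        result.AddIdentity(roleIdentity);
        return result;
    }
}

// Registration (ConfigureServices or Program.cs):
// services.AddScoped<IRoleStore, MyDbRoleStore>();
// services.AddScoped<IClaimsTransformation, DbRoleClaimsTransformation>();
```

Because the roles are read server-side on every request, a role removed in the database takes effect immediately rather than at token expiry; if the lookup is cached, the cache lifetime becomes the revocation delay.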



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
