Blazor Server AD Group Authentication - Not authorized
I am attempting to protect certain pages in my Blazor Server App using Active Directory Groups.
I have set up a group with the type "Security" in AD and taken note of the Object Id.
In the Startup.cs I have the following code:
```csharp
services.AddAuthorization(options =>
{
    options.AddPolicy("WarehouseUser", policy =>
        policy.RequireClaim("directoryGroup", "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"));
    // By default, all incoming requests will be authorized according to the default policy
    options.FallbackPolicy = options.DefaultPolicy;
});
```
I have decorated my index.razor as below:
```razor
@attribute [Authorize(Policy = "WarehouseUser")]
```
But when I hit the index page, even though I am definitely a member of this group in AD, I get the error
Not authorized
I have also confirmed that the claim to the group is coming across with the following code in an unprotected page:
```csharp
AuthenticationState authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
ClaimsPrincipal user = authState.User;
var g2 = user.Claims.Where(x => x.Type.Equals("groups")).ToList();
```
Can anyone offer any help please?
Solution 1:[1]
Found it!
The code in Startup.cs should be this:
```csharp
options.AddPolicy("WarehouseUser", policy =>
    policy.RequireClaim("groups", "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"));
```
`directoryGroup` should have been `groups`.
HTH
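The following is an added example, not code from the original post: it evaluates both policy definitions against constructed principals, so the claim-type mismatch can be reproduced outside the Blazor app. It assumes a console project referencing the Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages; the names `GroupPolicyCheck`, `WrongClaimType`, `BuildUser`, the `Constructed` authentication type and the all-zero group id are hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class GroupPolicyCheck
{
    // Placeholder Object Id, as on the page; replace with the real group id.
    private const string GroupId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging();   // DefaultAuthorizationService needs ILogger<T>
        services.AddOptions();
        services.AddAuthorizationCore(options =>
        {
            // Claim type from the question: the principal carries no claim of this type.
            options.AddPolicy("WrongClaimType", p => p.RequireClaim("directoryGroup", GroupId));
            // Claim type from the answer: matches the claim the principal carries.
            options.AddPolicy("WarehouseUser", p => p.RequireClaim("groups", GroupId));
        });
        var auth = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();

        // Constructed principals: one in the group, one in an unrelated group.
        var member = BuildUser(GroupId);
        var outsider = BuildUser("00000000-0000-0000-0000-000000000000");

        foreach (var policy in new[] { "WrongClaimType", "WarehouseUser" })
        {
            var m = await auth.AuthorizeAsync(member, null, policy);
            var o = await auth.AuthorizeAsync(outsider, null, policy);
            Console.WriteLine($"{policy}: member={m.Succeeded}, outsider={o.Succeeded}");
        }
    }

    // Builds an authenticated principal with a single "groups" claim.
    private static ClaimsPrincipal BuildUser(string groupId) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("groups", groupId) }, "Constructed"));
}
```

The mismatched claim type fails closed: the policy denies every user, including real group members, rather than admitting anyone outside the group.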
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Trevor Daniel |
