ASP.NET (OWIN): Authorization
This tutorial demonstrates how to assign roles to your users and how to use those roles to allow or deny access to certain routes in your app. We recommend that you log in, so that the quickstart examples are configured for your account.
ASP.NET (OWIN) supports role-based authorization, which lets you limit access to parts of your application based on the user's roles. This tutorial shows how to add role information to the user's ID Token and then use that claim to restrict access to controller actions.
Create a Rule to assign roles
First, we will create a rule that assigns each of our users either an admin role or a user role. To do so, go to the new rule page and create an empty rule. Then, use the following code for your rule:
Update the code to check for your own email domain, or change the condition to whatever fits your needs. You can also define roles other than admin and user, or customize the whole rule as you please. Whatever condition you use, base it on something the user cannot choose freely: an email address that the connection has not verified is not proof of membership in a domain.
This quickstart uses https://schemas.quickstarts.com/roles as the claim name, but it is suggested that you use a namespace related to your own Auth0 tenant for your claims, e.g.
Note that custom claims added to an ID Token from a rule must be namespaced with a URL-style name; a bare name such as roles is not included in the token.
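The following is an added example of such a rule, not the quickstart's own rule code. It assigns admin to verified users of an assumed administrator domain (example.com) and user to everyone else, writing the list to the namespaced claim. The small runRule harness at the end is not part of the rule; it only feeds constructed users to the rule function so it can be exercised offline (in Auth0 the platform supplies user, context, callback and the UnauthorizedError global).

```javascript
// Added example (not the quickstart's own rule): an Auth0 rule that assigns
// roles by e-mail domain and writes them to a namespaced ID Token claim.
// Auth0 rules are plain functions of the form function (user, context, callback).

// Assumed claim name; the quickstart uses https://schemas.quickstarts.com/roles.
const ROLES_CLAIM = 'https://schemas.quickstarts.com/roles';
// Assumed administrator domain; replace with your own.
const ADMIN_DOMAIN = 'example.com';

// Auth0's rule sandbox provides UnauthorizedError; define a stand-in for offline runs.
const UnauthorizedError = globalThis.UnauthorizedError || class UnauthorizedError extends Error {};

function assignRolesRule(user, context, callback) {
  // Deny rather than assign a role when the e-mail is missing or unverified:
  // some connections return an unverified, user-chosen address, so a domain
  // match on it would let anyone claim the admin domain.
  if (!user.email || !user.email_verified) {
    return callback(new UnauthorizedError('Access denied: a verified e-mail address is required.'));
  }

  // Compare the exact domain after '@', lowercased. Using endsWith() here
  // would also accept attacker-controlled hosts such as "evil-example.com".
  const domain = user.email.toLowerCase().split('@').pop();
  const roles = domain === ADMIN_DOMAIN ? ['admin'] : ['user'];

  // Custom claims must be namespaced or Auth0 drops them from the tokens.
  context.idToken[ROLES_CLAIM] = roles;
  context.accessToken[ROLES_CLAIM] = roles;
  return callback(null, user, context);
}

// Offline harness (not part of the rule): runs the rule against a constructed
// user and returns either the error or the roles written to the ID Token.
function runRule(user) {
  const context = { idToken: {}, accessToken: {} };
  let result = null;
  assignRolesRule(user, context, (err, _user, ctx) => {
    result = err ? { err } : { err: null, roles: ctx.idToken[ROLES_CLAIM] };
  });
  return result;
}
```

The domain comparison deliberately splits on the last @ and checks equality instead of a suffix match; the unverified-email branch refuses the login outright rather than silently assigning user, so a misconfigured connection is noticed instead of quietly producing under-privileged sessions.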
Restrict an action based on a user's roles
Update the OpenID Connect middleware registration inside your Startup class to tell it which claim in the ID Token carries the role information, by setting the RoleClaimType property of the TokenValidationParameters. The value you specify must match, character for character, the namespaced claim name you used in your rule; if it does not, the claim is still present in the token but no roles are mapped onto the user's principal, and every role-restricted action is denied.
Now you can add a new action to your controller and restrict it by decorating the action with the [Authorize(Roles = ?)] attribute. The same mapping also makes User.IsInRole("admin") work inside your controllers and views. The sample code below restricts the particular action to users who have the "admin" role:
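As an added example, not code from the quickstart and not its C# sample, the following JavaScript models what the RoleClaimType setting and the [Authorize(Roles = ...)] check do once the OWIN middleware has validated the ID Token. It is written in JavaScript rather than C# so it can run stand-alone; signature validation is out of scope and payload stands for the already-validated claims. The constructed payload carries the namespaced roles claim from the rule section, and the example shows that leaving RoleClaimType at the .NET default (ClaimTypes.Role) yields a principal with no roles at all.

```javascript
// Added example (not the quickstart's C# code): a JavaScript model of how the
// RoleClaimType setting maps an ID Token claim onto roles, and of the
// [Authorize(Roles = "...")] check that consumes them.

// The .NET default role claim type (System.Security.Claims.ClaimTypes.Role).
const DEFAULT_ROLE_CLAIM = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role';
// The namespaced claim the rule writes (assumed to match the rule section).
const ROLES_CLAIM = 'https://schemas.quickstarts.com/roles';

// Models building the ClaimsPrincipal: only the claim named by roleClaimType
// is treated as a role; a value may be a single string or an array.
function buildPrincipal(payload, roleClaimType = DEFAULT_ROLE_CLAIM) {
  const raw = payload[roleClaimType];
  const roles = Array.isArray(raw) ? raw.filter((r) => typeof r === 'string')
    : typeof raw === 'string' ? [raw]
    : [];
  return {
    sub: payload.sub,
    roles,
    isInRole: (role) => roles.includes(role),
  };
}

// Models [Authorize(Roles = "admin,editor")]: a comma-separated list where any
// one matching role grants access; [Authorize] with no roles admits any
// authenticated user; no principal means not signed in and is always denied.
function authorize(principal, rolesAttr) {
  if (!principal) return false;
  if (!rolesAttr) return true;
  const required = rolesAttr.split(',').map((s) => s.trim()).filter(Boolean);
  return required.some((r) => principal.isInRole(r));
}

// Constructed ID Token payload, as the rule from the previous section would produce it.
const ADMIN_PAYLOAD = {
  sub: 'auth0|1234567890',
  email: 'alice@example.com',
  [ROLES_CLAIM]: ['admin'],
};
const USER_PAYLOAD = {
  sub: 'auth0|0987654321',
  email: 'carol@gmail.com',
  [ROLES_CLAIM]: ['user'],
};

// Correct configuration: RoleClaimType matches the claim the rule wrote.
function adminWithMatchingClaimType() {
  return authorize(buildPrincipal(ADMIN_PAYLOAD, ROLES_CLAIM), 'admin');
}

// Misconfiguration: RoleClaimType left at the default, so the claim is ignored
// and even the admin is denied.
function adminWithDefaultClaimType() {
  return authorize(buildPrincipal(ADMIN_PAYLOAD), 'admin');
}
```

The failure mode to remember is the second function: nothing errors, the user signs in normally, and every role-restricted action is simply refused, which is easy to mistake for a problem in the rule rather than in the middleware registration.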