Efficiently check role claim

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP



Efficiently check role claim



I'm developing an Asp.NET MVC5 web application (.NET 4.6) and I need to show some extra lines of HTML to a group of users with a specific claim. I've seen some verbose solutions but I prefer to keep it short, so I came up with this


@
if (System.Security.Claims.ClaimsPrincipal.Current.Claims.ToList().FirstOrDefault(c => c.Type == "role" && c.Value == "AwesomeUserRole") != null)
<!-- my HTML goes here -->




Is it a good way to check for an authenticated user claim or is there a best practice to follow? Any cleaner / more efficient solution is welcome as well.




2 Answers
2



Because all Identity objects in ASP.NET are now a ClaimsIdentity, you could always cast the current IPrincipal to a ClaimsIdentity:


Identity


ClaimsIdentity


IPrincipal


ClaimsIdentity


((System.Security.Claims.ClaimsIdentity)User.Identity).HasClaim("role", "AwesomeUserRole")



But it is actually easiest to just use User.IsInRole("AwesomeUserRole")


User.IsInRole("AwesomeUserRole")



As long as you haven't changed the default configuration, claims with the type of role are automatically fed into the roles collection for the thread principal.


role



If you need to check for additional claim types besides roles, I usually create a set of extension methods for IPrincipal that wrap the claim checks:


IPrincipal


public static bool CanDoX(this IPrincipal principal)

return ((ClaimsIdentity)principal.Identity).HasClaim(claimType, claimValue);



The benefit of the extension method is that you can check for any kind of claim and return any values they may contain, not just whether or not the claim exists.





((System.Security.Claims.ClaimsIdentity)User.Identity).HasClaim("role", "miAdmin") and User.IsInRole("miAdmin") don't return the same value for me. The first is correct for me. Not sure why User.IsInRole("miAdmin") isn't working.
– RayLoveless
Dec 12 '16 at 18:53





Check that the Identity is using "role" as its role claim type, the default is a uri
– Paul Hatcher
Dec 13 '16 at 13:07



Bear in mind that a Principal can have more than one identity associated with it, e.g. you have authenticated with Windows Authentication, but then added a custom identity with claims from your database.



So any claim check potentially needs to look at all identities, here's a couple of extension methods that will help


public static bool ClaimExists(this IPrincipal principal, string claimType)

var ci = principal as ClaimsPrincipal;
if (ci == null)

return false;


var claim = ci.Claims.FirstOrDefault(x => x.Type == claimType);

return claim != null;


public static bool HasClaim(this IPrincipal principal, string claimType,
string claimValue, string issuer = null)
x.Issuer == issuer));

return claim != null;






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

make 2 or more post in bootsrap

Image
Clash Royale CLAN TAG #URR8PPP make 2 or more post in bootsrap I am making a CMS and I want to add two or more content post in every row, I can made one post in one columns, please see my code below. I am using PHP , HTML and bootstrap . CMS PHP HTML bootstrap How can I add two or more content post in every row? Code: <div class="container"> <div class="row"> <!-- Post Content Column --> <div class="col-lg-4 border border-dark rounded"> <?php $query = "SELECT * FROM POSTS"; $run_query_post = mysqli_query($connection, $query); while ($row = mysqli_fetch_assoc($run_query_post)) $post_id = $row['post_id']; $post_title = $row['post_title']; $post_author = $row['post_author']; $post_date = $row['post_date']; $post_image = $row['post_image']; $post_content = substr($row['post_content'], 0, 50); $post_status = $row['post_status']; if ($post_status !=...
Read more

Store custom data using WC_Cart add_to_cart() method in Woocommerce 3

Image
Clash Royale CLAN TAG #URR8PPP Store custom data using WC_Cart add_to_cart() method in Woocommerce 3 I am creating a membership site and totally created static pages for each Membership plans (have only 3 plans). However, I have added products for each plan and when I hit SELECT PLAN button I redirect to some custom form where I ask users range of info we are going to use to fulfil the plan (same as sneakertub.com). I have written code into the PHP page which will handle SUBMIT action of the form. This PHP file, infopage.php , will process POST data I sent via POST call and stores these all data into WC session. infopage.php $customer_name = $_POST["customer_name"]; $customer_email = $_POST["customer_email"]; $customer_sex = $_POST["customer_sex"]; $customer_age = $_POST["customer_age"]; $product_id = $_POST["product_id"]; global $wp_session; $data = array( 'customer_name' => $customer_name, 'customer_email' =...
Read more

Firebase Auth - with Email and Password - Check user already registered

Image
Clash Royale CLAN TAG #URR8PPP Firebase Auth - with Email and Password - Check user already registered I want to check when a user attempts to signup with createUserWithEmailAndPassword() in Firebase user Authentication method, this user is already registered with my app. createUserWithEmailAndPassword() 8 Answers 8 To detect whether a user with that email address already exists, you can detect when the call to createUserWithEmailAndPassword () fails with auth/email-already-in-use . I see that @Srinivasan just posted an answer for this. createUserWithEmailAndPassword () auth/email-already-in-use Alternatively, you can detect that an email address is already used by calling fetchSignInMethodsForEmail() (previous called fetchProvidersForEmail() ). fetchSignInMethodsForEmail() fetchProvidersForEmail() When the user trying to create an user with same email address, the task response will be "Response: The email address is already in use by another account." mFirebas...
Read more