
I am working on an ASP.NET Core 3.1 web application that connects to a web API for authentication. For a successful login, the API will send back a JWT (token) with the user roles and other pertinent information.

This code is in my Web API LoginController:

        /// <summary>
        /// Login asynchronously
        /// </summary>
        /// <returns></returns>
        [AllowAnonymous]
        [HttpPost("login")]
        public async Task<IActionResult> LoginAsync()
        {
            try
            {
                // Read the raw request body and deserialize the posted credentials
                using var reader = new StreamReader(HttpContext.Request.Body);
                string requestFromPost = await reader.ReadToEndAsync();

                var creds = JsonConvert.DeserializeObject<UserCredentials>(requestFromPost);

                var response = await authService.CreateAccessTokenAsync(creds);
                if (!response.Success)
                {
                    return BadRequest(response.Message);
                }

                var accessRscToken = new AccessTokenResource();

                accessRscToken.AccessToken = response.Token.Token;
                accessRscToken.RefreshToken = response.Token.RefreshToken.Token;
                accessRscToken.Expiration = response.Token.RefreshToken.Expiration; //expiration for refresh token
                accessRscToken.Message = "Login Successful.";
                accessRscToken.Status = HttpStatusCode.OK.ToString();
                accessRscToken.StatusCode = ((int)HttpStatusCode.OK).ToString();

                return Ok(accessRscToken);
            }
            catch (Exception ex)
            {
                //TODO: clean this up. 17/12/2020
                return StatusCode(StatusCodes.Status500InternalServerError, ex.Message);
            }
        }

I am able to get the claims principal after reading the JWT using the following code, in my web app (client) LoginController:

    var handler = new JwtSecurityTokenHandler(); //create new JwtSecurityTokenHandler
    var jsonToken = handler.ReadJwtToken(authToken); //read (decode) the token; this does not verify its signature
    var claims = jsonToken.Claims; //get the roles/claims in the token

    var principal = new ClaimsPrincipal(new ClaimsIdentity(claims)); //create a ClaimsPrincipal object

I want to hide or show menus in the navigation bar based on the roles from the JWT, using the following code in the view.

    @if (User.IsInRole("Administrator"))
    {
        //show menu if user in administrator role
    }

How can I access the ClaimsPrincipal object in the view, or propagate the roles to the User object?

Thanks in advance.
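One way to get the roles into `User`, as an added example that is not part of the question: validate the token (`ReadJwtToken` only decodes it and never checks the signature, so claims taken from it should not drive authorization decisions) and then sign the resulting principal into the client's own cookie scheme, which is what populates `User` on later requests. It assumes the API signs with a shared HMAC key, that issuer, audience and key live in configuration under hypothetical `Jwt:*` keys, and that `configuration` is an injected `IConfiguration`.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.IdentityModel.Tokens;

// Startup.ConfigureServices: the MVC client keeps its own cookie session, so
// HttpContext.User (the "User" seen in views) is rebuilt on every later request.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options => options.LoginPath = "/Login");
// Startup.Configure: UseAuthentication must run before UseAuthorization.
app.UseAuthentication();
app.UseAuthorization();

// Client LoginController, called after the API returned accessRscToken.AccessToken.
// 'configuration' is an injected IConfiguration (assumption); Jwt:* keys are hypothetical.
private async Task<IActionResult> SignInFromJwtAsync(string accessToken)
{
    var handler = new JwtSecurityTokenHandler();
    var parameters = new TokenValidationParameters
    {
        // Reject tokens from another issuer, for another audience, or past "exp".
        ValidateIssuer = true,
        ValidIssuer = configuration["Jwt:Issuer"],
        ValidateAudience = true,
        ValidAudience = configuration["Jwt:Audience"],
        ValidateLifetime = true,
        // Verify the signature with the key shared with the API (assumption: HS256).
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes(configuration["Jwt:SigningKey"])),
        // IsInRole only checks this claim type; the handler maps the JWT "role" claim to it.
        RoleClaimType = ClaimTypes.Role,
    };
    try
    {
        var principal = handler.ValidateToken(accessToken, parameters, out _);
        // Persist the validated principal in the auth cookie; from the next request on,
        // User.IsInRole("Administrator") in a view reads the role claims from it.
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
        return RedirectToAction("Index", "Home");
    }
    catch (SecurityTokenException)
    {
        // A tampered, forged or expired token never becomes a signed-in user.
        return Unauthorized();
    }
}
```

Building the identity with `new ClaimsIdentity(claims)` and no authentication type, as in the question, yields `IsAuthenticated == false` and a role claim type that may not match the JWT's, which is why `IsInRole` stays false even when the claims are present.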
