JonPSmith
HasPermission Attribute
We have a .net 7 WebAPI project, and the HasPermission is reporting the following error.
System.InvalidOperationException: The AuthorizationPolicy named: 'InvoiceRead' was not found.
at Microsoft.AspNetCore.Authorization.AuthorizationPolicy.CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable`1 authorizeData, IEnumerable`1 policies)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
Yarp.ReverseProxy.Forwarder.HttpForwarder: Information: Received HTTP/2.0 response 500.
The User.HasPermission (extension method) on the same controller works as expected.
We think this may be related to DI. We have have tried stepping through the code and the AuthPermission tests have not turned up anything. What specifically wires up the HasPermission attribute (OR am I looking at the wrong thing completely)?
Hi @jimiscott,
Your problem is that the permissions doesn't have the Permission called InvoiceRead. There could be a number ways that that a specific Permission might not work. Here are the most likely the problem.
- If all of the Permissions don't work, then you might have not added the Permissions into the the JWT token. In the AuthP library I use a
TokenBuilderto add the claims to the JWT token. See Example2 in the AuthP code. NOTE: You can build your own version of theTokenBuilder, but you make sure the claims are set up properly. - If you are missing a single Permission, in your case
InvoiceRead, then is there a Permission is missing in the enum registered in the<YourPermissionsEnum>registered via the AuthP'sbuilder.Services.RegisterAuthPermissions<YourPermissionsEnum>.
If either of the two suggestions don't work, then have a look at the Example2 example in the AuthP code to see what it does. It very simple and might point out something you missed.
