Add role-based authorization to MeController

marcominerva · marcominerva · commit c80526e93a20 · 2025-10-15T17:38:11.000+02:00
Updated MeController to include role-based authorization by modifying the Get method to accept role settings and return user roles. Added AdministratorOnly and UserOnly endpoints with role-based access. Updated User record to include roles. Extended appsettings.json for role configuration. Adjusted Program.cs for new authorization requirements.
diff --git a/samples/Controllers/ApiKeySample/Controllers/MeController.cs b/samples/Controllers/ApiKeySample/Controllers/MeController.cs
@@ -1,6 +1,8 @@
 using System.Net.Mime;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using SimpleAuthentication.ApiKey;
 
 namespace ApiKeySample.Controllers;
 
@@ -13,8 +15,27 @@ public class MeController : ControllerBase
     [HttpGet]
     [ProducesResponseType<User>(StatusCodes.Status200OK)]
     [ProducesDefaultResponseType]
-    public ActionResult<User> Get()
-        => new User(User.Identity!.Name);
+    public ActionResult<User> Get(IOptions<ApiKeySettings> apiKeySettingsOptions)
+    {
+        // Get roles using the configured role claim type from options (default is ClaimTypes.Role)
+        var roles = User.FindAll(apiKeySettingsOptions.Value.RoleClaimType).Select(c => c.Value);
+
+        return new User(User.Identity!.Name, roles);
+    }
+
+    [Authorize(Roles = "Administrator")]
+    [HttpGet("administrator")]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [EndpointDescription("This endpoint requires the user to have the 'Administrator' role")]
+    public IActionResult AdministratorOnly()
+        => NoContent();
+
+    [Authorize(Roles = "User")]
+    [HttpGet("user")]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [EndpointDescription("This endpoint requires the user to have the 'User' role")]
+    public IActionResult UserOnly()
+        => NoContent();
 }
 
-public record class User(string? UserName);
+public record class User(string? UserName, IEnumerable<string> Roles);
diff --git a/samples/Controllers/ApiKeySample/appsettings.json b/samples/Controllers/ApiKeySample/appsettings.json
@@ -6,18 +6,23 @@
             // You can specify either HeaderName, QueryStringKey or both
             "HeaderName": "x-api-key",
             "QueryStringKey": "code",
+            //"NameClaimType": "user_name", // Default: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
+            //"RoleClaimType": "user_role", // Default: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
             // You can set a fixed API Key for authentication. If you have a single value, you can just use the plain property:
             "ApiKeyValue": "f1I7S5GXa4wQDgLQWgz0",
             "UserName": "ApiUser", // Required if ApiKeyValue is used
+            "Roles": [ "Administrator" ],
             // Otherwise, you can create an array of ApiKeys:
             "ApiKeys": [
                 {
                     "Value": "ArAilHVOoL3upX78Cohq",
-                    "UserName": "alice"
+                    "UserName": "alice",
+                    "Roles": [ "Administrator", "User" ]
                 },
                 {
                     "Value": "DiUU5EqImTYkxPDAxBVS",
-                    "UserName": "bob"
+                    "UserName": "bob",
+                    "Roles": [ "User" ]
                 }
             ]
             // You can also combine both declarations.
diff --git a/samples/Controllers/BasicAuthenticationSample/Controllers/MeController.cs b/samples/Controllers/BasicAuthenticationSample/Controllers/MeController.cs
@@ -1,6 +1,8 @@
 using System.Net.Mime;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using SimpleAuthentication.BasicAuthentication;
 
 namespace BasicAuthenticationSample.Controllers;
 
@@ -13,8 +15,27 @@ public class MeController : ControllerBase
     [HttpGet]
     [ProducesResponseType<User>(StatusCodes.Status200OK)]
     [ProducesDefaultResponseType]
-    public ActionResult<User> Get()
-        => new User(User.Identity!.Name);
+    public ActionResult<User> Get(IOptions<BasicAuthenticationSettings> basicAuthenticationSettingsOptions)
+    {
+        // Get roles using the configured role claim type from options (default is ClaimTypes.Role)
+        var roles = User.FindAll(basicAuthenticationSettingsOptions.Value.RoleClaimType).Select(c => c.Value);
+
+        return new User(User.Identity!.Name, roles);
+    }
+
+    [Authorize(Roles = "Administrator")]
+    [HttpGet("administrator")]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [EndpointDescription("This endpoint requires the user to have the 'Administrator' role")]
+    public IActionResult AdministratorOnly()
+        => NoContent();
+
+    [Authorize(Roles = "User")]
+    [HttpGet("user")]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [EndpointDescription("This endpoint requires the user to have the 'User' role")]
+    public IActionResult UserOnly()
+        => NoContent();
 }
 
-public record class User(string? UserName);
+public record class User(string? UserName, IEnumerable<string> Roles);
diff --git a/samples/Controllers/BasicAuthenticationSample/appsettings.json b/samples/Controllers/BasicAuthenticationSample/appsettings.json
@@ -8,15 +8,18 @@
             //"RoleClaimType": "user_role", // Default: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
             "UserName": "marco",
             "Password": "P@$$w0rd",
+            "Roles": [ "Administrator" ],
             // Otherwise, you can create an array of Credentials:
             "Credentials": [
                 {
                     "UserName": "alice",
-                    "Password": "Password1"
+                    "Password": "Password1",
+                    "Roles": [ "Administrator", "User" ]
                 },
                 {
                     "UserName": "bob",
-                    "Password": "Password2"
+                    "Password": "Password2",
+                    "Roles": [ "User" ]
                 }
             ]
             // You can also combine both declarations.
diff --git a/samples/MinimalApis/ApiKeySample/Program.cs b/samples/MinimalApis/ApiKeySample/Program.cs
@@ -65,11 +65,11 @@
 .RequireAuthorization();
 
 app.MapGet("api/administrator", () => TypedResults.NoContent())
-.WithDescription("This endpoint requires the user to have the 'Administrator' role.")
+.WithDescription("This endpoint requires the user to have the 'Administrator' role")
 .RequireAuthorization(policy => policy.RequireRole("Administrator"));
 
 app.MapGet("api/user", () => TypedResults.NoContent())
-.WithDescription("This endpoint requires the user to have the 'User' role.")
+.WithDescription("This endpoint requires the user to have the 'User' role")
 .RequireAuthorization(policy => policy.RequireRole("User"));
 
 app.Run();
diff --git a/samples/MinimalApis/BasicAuthenticationSample/Program.cs b/samples/MinimalApis/BasicAuthenticationSample/Program.cs
@@ -65,11 +65,11 @@
 .RequireAuthorization();
 
 app.MapGet("api/administrator", () => TypedResults.NoContent())
-.WithDescription("This endpoint requires the user to have the 'Administrator' role.")
+.WithDescription("This endpoint requires the user to have the 'Administrator' role")
 .RequireAuthorization(policy => policy.RequireRole("Administrator"));
 
 app.MapGet("api/user", () => TypedResults.NoContent())
-.WithDescription("This endpoint requires the user to have the 'User' role.")
+.WithDescription("This endpoint requires the user to have the 'User' role")
 .RequireAuthorization(policy => policy.RequireRole("User"));
 
 app.Run();
diff --git a/src/SimpleAuthentication.Abstractions/version.json b/src/SimpleAuthentication.Abstractions/version.json
@@ -1,6 +1,6 @@
 {
 	"$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
-	"version": "3.0",
+	"version": "3.1",
 	"publicReleaseRefSpec": [
 		"^refs/heads/master$" // we release out of master
 	],
diff --git a/src/SimpleAuthentication.Swashbuckle/version.json b/src/SimpleAuthentication.Swashbuckle/version.json
@@ -1,6 +1,6 @@
 {
 	"$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
-	"version": "3.0",
+	"version": "3.1",
 	"publicReleaseRefSpec": [
 		"^refs/heads/master$" // we release out of master
 	],
diff --git a/src/SimpleAuthentication/version.json b/src/SimpleAuthentication/version.json
@@ -1,6 +1,6 @@
 {
 	"$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
-	"version": "3.0",
+	"version": "3.1",
 	"publicReleaseRefSpec": [
 		"^refs/heads/master$" // we release out of master
 	],

Original file line number	Diff line number	Diff line change
`@@ -8,15 +8,18 @@`
`8`	`8`	`//"RoleClaimType": "user_role", // Default: http://schemas.microsoft.com/ws/2008/06/identity/claims/role`
`9`	`9`	`"UserName": "marco",`
`10`	`10`	`"Password": "P@$$w0rd",`
	`11`	`+ "Roles": [ "Administrator" ],`
`11`	`12`	`// Otherwise, you can create an array of Credentials:`
`12`	`13`	`"Credentials": [`
`13`	`14`	`{`
`14`	`15`	`"UserName": "alice",`
`15`		`- "Password": "Password1"`
	`16`	`+ "Password": "Password1",`
	`17`	`+ "Roles": [ "Administrator", "User" ]`
`16`	`18`	`},`
`17`	`19`	`{`
`18`	`20`	`"UserName": "bob",`
`19`		`- "Password": "Password2"`
	`21`	`+ "Password": "Password2",`
	`22`	`+ "Roles": [ "User" ]`
`20`	`23`	`}`
`21`	`24`	`]`
`22`	`25`	`// You can also combine both declarations.`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",`
`3`		`- "version": "3.0",`
	`3`	`+ "version": "3.1",`
`4`	`4`	`"publicReleaseRefSpec": [`
`5`	`5`	`"^refs/heads/master$" // we release out of master`
`6`	`6`	`],`