{"jti":"26bdfd20-104f-45d4-a4e1-111044808041", "iss":"http://localhost:5000/", "iat":1531729854, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier":"1", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":"Vahid", "DisplayName":"وحید", "http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber":"046fb152a7474043952475cfa952cdc9", "http://schemas.microsoft.com/ws/2008/06/identity/claims/userdata":"1", "DynamicPermission":[":MyProtectedApi2:Get", ":MyProtectedEditorsApi:Get", ":MyProtectedApi3:Get", ":MyProtectedApi4:Get"], "http://schemas.microsoft.com/ws/2008/06/identity/claims/role":["Admin", "Editor", "User"], "nbf":1531729855, "exp":1531729975, "aud":"Any"}
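/// <summary>
/// Decides whether <paramref name="user"/> may invoke the given secured MVC action.
/// </summary>
/// <param name="user">The principal whose authentication state, roles and claims are checked.</param>
/// <param name="area">Area name; forms the first segment of the permission id. A null or empty area yields an id that starts with ":".</param>
/// <param name="controller">Controller name; second segment of the permission id.</param>
/// <param name="action">Action name; third segment of the permission id.</param>
/// <returns>
/// <c>true</c> when the user is authenticated and is either in the "Admin" role or holds a
/// <c>ConstantPolicies.DynamicPermissionClaimType</c> claim whose value equals "area:controller:action";
/// otherwise <c>false</c>.
/// </returns>
/// <exception cref="KeyNotFoundException">
/// The area/controller/action triple is not among the actions secured with the
/// <c>ConstantPolicies.DynamicPermission</c> policy.
/// </exception>
public bool CanUserAccess(ClaimsPrincipal user, string area, string controller, string action)
{
    // Permission id format; it must match the claim value character for character.
    var currentClaimValue = $"{area}:{controller}:{action}";

    // Runs before any check on the user, so a misspelled or unsecured target fails loudly
    // instead of being reported as a plain "access denied".
    var securedControllerActions = _mvcActionsDiscoveryService.GetAllSecuredControllerActionsWithPolicy(ConstantPolicies.DynamicPermission);
    if (!securedControllerActions.SelectMany(x => x.MvcActions).Any(x => x.ActionId == currentClaimValue))
    {
        throw new KeyNotFoundException($@"The `secured` area={area}/controller={controller}/action={action} with `ConstantPolicies.DynamicPermission` policy not found. Please check you have entered the area/controller/action names correctly and also it's decorated with the correct security policy.");
    }

    // Fail closed: a missing principal, or a ClaimsPrincipal with no identity (Identity is null),
    // is treated as unauthenticated instead of raising a NullReferenceException.
    if (user?.Identity?.IsAuthenticated != true)
    {
        return false;
    }

    if (user.IsInRole("Admin"))
    {
        // Admin users have access to all of the pages.
        return true;
    }

    // Check for dynamic permissions.
    // A user gets its permissions claims from the `ApplicationClaimsPrincipalFactory` class automatically and it includes the role claims too.
    // NOTE(review): both the role check above and this claim check trust whatever claims the principal
    // already carries. If they come from a previously issued token, a revoked role or permission may stay
    // effective until that token expires or is re-validated - confirm against the token validation path.
    return user.HasClaim(claim => claim.Type == ConstantPolicies.DynamicPermissionClaimType &&
                                  claim.Value == currentClaimValue);
}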