Title: Added role management and admin role checks

Summary:

This commit introduces role management to the Identity service and adds an "Admin" role check. The `Program.cs` file was updated to include role management and a new Razor page with authorization. The `GetProfileDataAsync` method in `ProfileService.cs` was refactored to retrieve the user directly from the subject and add the user's roles as claims. The `UsersSeed` class now includes a `RoleManager<IdentityRole>` dependency and checks if the "Admin" role exists, creating it if necessary. The user "alice" is also added to the "Admin" role. A new menu item was added to `UserMenu.razor` that links to the new Razor page `CascadeAuthState.razor`, which displays the user's authentication state and admin role status.

Author: Sntai20

Identity.API/Program.cs

@@ -11,9 +11,16 @@
 // migrations instead.
 builder.Services.AddMigration<ApplicationDbContext, UsersSeed>();
 
-builder.Services.AddIdentity<ApplicationUser, IdentityRole>()
-        .AddEntityFrameworkStores<ApplicationDbContext>()
-        .AddDefaultTokenProviders();
+builder.Services
+    .AddIdentity<ApplicationUser, IdentityRole>()
+    .AddEntityFrameworkStores<ApplicationDbContext>()
+    .AddDefaultTokenProviders()
+    .AddRoles<IdentityRole>();
+
+builder.Services.AddRazorPages(options =>
+{
+    options.Conventions.AuthorizePage("/user/cascade-auth-state");
+});
 
 builder.Services.AddIdentityServer(options =>
 {

Identity.API/Services/ProfileService.cs

@@ -11,16 +11,22 @@ public ProfileService(UserManager<ApplicationUser> userManager)
 
     public async Task GetProfileDataAsync(ProfileDataRequestContext context)
     {
-        var subject = context.Subject ?? throw new ArgumentNullException(nameof(context.Subject));
+        var user = await _userManager.GetUserAsync(context.Subject);
 
-        var subjectId = subject.Claims.Where(x => x.Type == "sub").FirstOrDefault()?.Value;
+        var roles = await _userManager.GetRolesAsync(user);
 
-        var user = await _userManager.FindByIdAsync(subjectId);
-        if (user == null)
-            throw new ArgumentException("Invalid subject identifier");
+        var claims = new List<Claim>
+        {
+            new Claim(JwtClaimTypes.Subject, user.Id),
+            new Claim(JwtClaimTypes.PreferredUserName, user.UserName),
+        };
+
+        foreach (var role in roles)
+        {
+            claims.Add(new Claim(JwtClaimTypes.Role, role));
+        }
 
-        var claims = GetClaimsFromUser(user);
-        context.IssuedClaims = claims.ToList();
+        context.IssuedClaims = claims;
     }
 
     public async Task IsActiveAsync(IsActiveContext context)

Identity.API/UsersSeed.cs

@@ -1,10 +1,32 @@
 
 namespace eShop.Identity.API;
 
-public class UsersSeed(ILogger<UsersSeed> logger, UserManager<ApplicationUser> userManager) : IDbSeeder<ApplicationDbContext>
+using Microsoft.AspNetCore.Identity;
+
+public class UsersSeed(
+    ILogger<UsersSeed> logger,
+    UserManager<ApplicationUser> userManager,
+    RoleManager<IdentityRole> roleManager) : IDbSeeder<ApplicationDbContext>
 {
     public async Task SeedAsync(ApplicationDbContext context)
     {
+        // Check if the Admin role exists and create it if it doesn't
+        if (!await roleManager.RoleExistsAsync("Admin"))
+        {
+            var role = new IdentityRole("Admin");
+            var result = await roleManager.CreateAsync(role);
+
+            if (!result.Succeeded)
+            {
+                throw new Exception(result.Errors.First().Description);
+            }
+
+            if (logger.IsEnabled(LogLevel.Debug))
+            {
+                logger.LogDebug("Admin role created");
+            }
+        }
+
         var alice = await userManager.FindByNameAsync("alice");
 
         if (alice == null)
@@ -41,6 +63,13 @@ public async Task SeedAsync(ApplicationDbContext context)
             {
                 logger.LogDebug("alice created");
             }
+
+            var roleResult = await userManager.AddToRoleAsync(alice, "Admin");
+
+            if (!roleResult.Succeeded)
+            {
+                throw new Exception(roleResult.Errors.First().Description);
+            }
         }
         else
         {

WebApp/Components/Layout/UserMenu.razor

@@ -13,6 +13,7 @@
             <div class="dropdown-content">
                 <a class="dropdown-item" href="user/orders">My orders</a>
                 <a class="dropdown-item" href="user/editprofile">Edit profile</a>
+                <a class="dropdown-item" href="user/cascade-auth-state">View authentication state</a>
                 <form class="dropdown-item" method="post" action="user/logout" @formname="logout" @onsubmit="LogOutAsync">
                     <AntiforgeryToken />
                     <button type="submit">Log out</button>

WebApp/Components/Pages/User/CascadeAuthState.razor

@@ -0,0 +1,34 @@
+@page "/user/cascade-auth-state"
+@using Microsoft.AspNetCore.Components.Authorization
+
+<h1>Cascade Auth State</h1>
+
+<p>@authMessage</p>
+
+@code {
+    private string authMessage = "The user is NOT authenticated.";
+
+    [CascadingParameter]
+    private Task<AuthenticationState>? authenticationState { get; set; }
+
+    protected override async Task OnInitializedAsync()
+    {
+        if (authenticationState is not null)
+        {
+            var authState = await authenticationState;
+            var user = authState?.User;
+
+            if (user?.Identity is not null && user.Identity.IsAuthenticated)
+            {
+                if (user.IsInRole("Admin"))
+                {
+                    authMessage = $"{user.Identity.Name} is authenticated and in the Admin role.";
+                }
+                else
+                {
+                    authMessage = $"{user.Identity.Name} is authenticated but not in the Admin role.";
+                }
+            }
+        }
+    }
+}