Adding authorization
At this point, we know whether the user is authenticated or not, but does the user have access to a specific function? That is what authorization is all about. Luckily, the built-in functions support this as well, even though we have to write some code for it.
The server side has all the tables needed to add roles to our users. There are, however, no UIs available. For our application, we'll just add a role manually in the database, but first, we need to configure roles.
Adding roles from the server
Execute the following steps to add roles from the server:
- In the
MyBlogWebAssembly.Server
project, open theStartup.cs
file. - In the
ConfigureServices
method, add options to.AddApiAuthorization
and remove the default claim mapping as follows:.AddApiAuthorization<AppUser, MyBlogDbContext>(options => { options...