Identityserver4: Control resource actions access by scope

Created on 31 Aug 2016 · 5Comments · Source: IdentityServer/IdentityServer4

Hi!
Is there any way I can specify that, for instance, a

GET http:/myserver/mypath requires scope X and
GET http:/myserver/myOtherpath requires scope Y
?
Is there some scope attribute or can I access that stuff from within the controller?

question

Source

vhe1

👍1

Most helpful comment

You'd have to build that yourself. You might be able to use the new policy based authorization: https://docs.asp.net/en/latest/security/authorization/claims.html

brockallen on 31 Aug 2016

👍2

You'd have to build that yourself. You might be able to use the new policy based authorization: https://docs.asp.net/en/latest/security/authorization/claims.html

brockallen on 31 Aug 2016

👍2

Thanks a lot!
That's it.

vhe1 on 31 Aug 2016

What is the point of AllowedScopes if you can't limit controllers to scopes without writing another framework? Please someone tell me.

needo2 on 11 Jun 2019

maxtsw on 12 Jun 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] on 11 Jan 2020

Was this page helpful?

0 / 5 - 0 ratings

IdentityServer4.AccessTokenValidation - Access token not propagating via JwtBearerEvents::OnTokenValidated

osudude · 3Comments

Does idsrv4 supports asp.net identity with integer instead of guid?

nukec · 3Comments

Change AddFilteredClaims to AddClaims on the ProfileContext

brockallen · 3Comments

Self-signed certificate

krgm03 · 3Comments

Authorize attribute failure redirects to logout in API rather than returns 401

cixonline · 3Comments