It looks like you need to use SupportsClaims to add your claim to the current principal — as described in the documentation here:
https://world.optimizely.com/documentation/developer-guides/CMS/security/Virtual-roles/
We're having a problem with an OIDC-integration on .NET 5/CMS 12 - the integration itself is working fine, a user is sent to the identity provider and redirected back to the CMS as expected.
However, since this identity provider doesn't provide any roles, we need to have a way to add them to a virtual role ourselves, as identifying with this provider should authorize you to a specific part of the site.
To do this, we've tried adding a claim in the OnTokenValidated-Event, like so:
This seemingly works, as inspecting the user in any ControllerContext now shows that he has the correct claim.
However, the virtual role mapping we've set up ignores this claim:
The user does not have the virtual role (replacing "SomeRole" with "Everyone" works, so the is set up correctly).
I also tried creating a custom VirtualRole by inheriting VirtualRoleProviderBase, and the IPrincipal argument that gets sent into that does not have any claims other than two role claims for "Everyone" and "Anonymous" - trying to read it from IHttpContextAccessor (in the VirtualRole) yields the same result, no claims there either.
So, seeing as it works in the context of a controller, but not here - what step am I missing? Grateful for any ideas!