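/// <summary>
/// Replaces the whole permission set of the user identified by <paramref name="uid"/>.
/// </summary>
/// <param name="uid">Route identifier of the target user.</param>
/// <param name="permissions">New permission set; it replaces (does not merge with) the stored one.</param>
/// <returns>
/// 200 with the updated user model; 400 when no permission set was supplied in the body;
/// 404 when no user matches <paramref name="uid"/>; 500 when the BLL reports the update was not applied.
/// </returns>
/// <remarks>
/// NOTE(review): no authorization check is visible in this method; it is presumably enforced by an
/// [Authorize]/policy attribute on the controller or action — confirm. This matters because the
/// self-update branch below re-issues the caller's own authentication ticket carrying whatever
/// permissions were just submitted, so an unprotected endpoint would be a direct privilege escalation.
/// </remarks>
public async Task<ActionResult<UserModel>> SetPermissions([FromRoute] string uid, [FromBody] Permission[] permissions)
{
    // Fail closed: a missing/unparseable body must not persist a null permission set.
    if (permissions is null)
    {
        return BadRequest();
    }

    var userDto = _userBLL.GetByUserUid(uid);
    if (userDto is null)
    {
        return NotFound();
    }

    userDto.Permissions = permissions;
    if (!_userBLL.UpdateUser(userDto))
    {
        return new StatusCodeResult((int)HttpStatusCode.InternalServerError);
    }

    // Permissions are cached in a claim on the authentication ticket, so when the caller edited
    // their own account the ticket has to be re-issued or the stale claim stays in force until
    // the next login. Caller identity is matched by the Name claim against the stored username
    // (ordinal string equality, as in the original).
    var claimantName = User.FindFirst(ClaimTypes.Name)?.Value;
    if (claimantName is not null && claimantName == userDto.Username)
    {
        var jsonPermissions = JsonSerializer.Serialize(userDto.Permissions);
        await ReissueTicketWithPermissionClaimAsync(jsonPermissions);
    }

    return userDto.ToModel();
}

/// <summary>
/// Replaces the permission claim on the caller's <c>Constants.PaymentIdentity</c> identity and
/// re-issues the authentication ticket so the new claim takes effect on the next request.
/// </summary>
/// <param name="jsonPermissions">Serialized permission set to store in the claim.</param>
private async Task ReissueTicketWithPermissionClaimAsync(string jsonPermissions)
{
    var identity = User.Identities.FirstOrDefault(i => i.AuthenticationType == Constants.PaymentIdentity);

    // Fix: the original did identity.RemoveClaim(User.FindFirst(PermissionClaimType)).
    // ClaimsIdentity.RemoveClaim throws InvalidOperationException when the claim is null (principal
    // has no permission claim yet) or when the claim belongs to a different identity than the one
    // it is removed from — and by then the database update had already been committed, leaving the
    // request to fail with 500 after a partially applied change. Look the claim up on the target
    // identity itself and use TryRemoveClaim, which is a no-op in both cases.
    if (identity is not null)
    {
        var existing = identity.FindFirst(Constants.PermissionClaimType);
        if (existing is not null)
        {
            identity.TryRemoveClaim(existing);
        }

        identity.AddClaim(new Claim(Constants.PermissionClaimType, jsonPermissions));
    }

    // Destroy the current ticket, then issue a fresh one from the updated principal.
    await HttpContext.SignOutAsync();
    await HttpContext.SignInAsync(User);
}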