Your arguments are so narrow minded. Yes attribute based role authorisation checks with magic strings will be a nightmare to code and maintain, thats a given. How about using permission based attributes with enums. An method will only perform one operation for a single purpose and hence will have one permission. So typed permissions with attributes would be ideal. Lucky thats the way my authorization has worked for some considerable time.
@consciousmi4842 Жыл бұрын
Is it possible to have those projects for learning purpose ?
@vivekgowda15763 жыл бұрын
Hi Sir, Thanks for the video. I have setup the identity server 4 with .net core 3.1 Every thing is working fine but the thing is i need configure Redis caching for server side. Can you help me out(Redis server is up and run in my local system )
@simplelife87223 жыл бұрын
Guys! Thanks a ton for giving me a different perspective to approach AC in my ORG... I am definitely gonna use the ideas shared by you in this amazing presentation. Thank You! Good Luck :)
@vahidakbarirad17616 жыл бұрын
plz I need source code.It can take me out of hell.
@adriancooke73107 жыл бұрын
Hi Is this nuget package ready to ship and use. In the slide I don't see any reference to a how to get started section. Is this stuff bleeding edge? Is their a gitter channel?
@raviormetal16536 жыл бұрын
They just showed how to implement authorization (when using identity provider) and concluded that there is no generalized framework for this since most businesses need very specific implementations.
@temitopemagbagbeola52046 жыл бұрын
I think what might be of more benefit is including the token to permissions(aka AuthorizationEngine) feature in identity server.That way clients(especially spa's) and api's can get permissions on user login to implement separate authorization as required.
@davevanboal36697 жыл бұрын
Thank you Dominick and Brock! This video will help focus our Authorization Architectural Direction. We already have something like this that can be extended to implement some of the additional concepts you cover. This video will help further our discussion. Amusing conclusion near the end. :-)
@OhMaegs6 жыл бұрын
A very helpful video! The only question I still have is, do they pass the token from the api to the authorization service or do they just pass the username? Is it necessary to use security in the authorization service ?
@TheVincent02685 жыл бұрын
Is the used sample code still available?
@technogeek487 жыл бұрын
First - Also, really helpful; thanks!
@stanleytoles336 жыл бұрын
i LOVE Dominick's accent haha
@raviormetal16536 жыл бұрын
You mean a german speaking english ^^
@alexgarcia83116 жыл бұрын
It looks to me that they are mixing business rules with actual authorization. The idea is good. But it seems to be very easy to start having business logic in the custom policies' logic.
@Prod-236 жыл бұрын
Depends on your domain I guess. But Authorisation may well be related to business logic. I don't see a problem with that if authorisation is in fact dependent on business rules how else are you going to do it?