Your arguments are so narrow minded. Yes attribute based role authorisation checks with magic strings will be a nightmare to code and maintain, thats a given. How about using permission based attributes with enums. An method will only perform one operation for a single purpose and hence will have one permission. So typed permissions with attributes would be ideal. Lucky thats the way my authorization has worked for some considerable time.

Is it possible to have those projects for learning purpose ?

Hi Sir, Thanks for the video. I have setup the identity server 4 with .net core 3.1 Every thing is working fine but the thing is i need configure Redis caching for server side. Can you help me out(Redis server is up and run in my local system )

Guys! Thanks a ton for giving me a different perspective to approach AC in my ORG... I am definitely gonna use the ideas shared by you in this amazing presentation. Thank You! Good Luck :)

plz I need source code.It can take me out of hell.

Hi Is this nuget package ready to ship and use. In the slide I don't see any reference to a how to get started section. Is this stuff bleeding edge? Is their a gitter channel?

Thank you Dominick and Brock! This video will help focus our Authorization Architectural Direction. We already have something like this that can be extended to implement some of the additional concepts you cover. This video will help further our discussion. Amusing conclusion near the end. :-)

A very helpful video! The only question I still have is, do they pass the token from the api to the authorization service or do they just pass the username? Is it necessary to use security in the authorization service ?

Is the used sample code still available?

First - Also, really helpful; thanks!

i LOVE Dominick's accent haha

It looks to me that they are mixing business rules with actual authorization. The idea is good. But it seems to be very easy to start having business logic in the custom policies' logic.