Policy-based Authorization in ASP.Net Core (with Custom Authorization Handler)

Рет қаралды 26,081

DotNet Core Central

Күн бұрын

Пікірлер: 43

@justonegoodtrade 4 жыл бұрын

my friend, you saved my life with a current project. You're amazing

@DotNetCoreCentral 4 жыл бұрын

Glad I could help!

@sawairasana Жыл бұрын

can you kindly tell me how to write authorization handler to keep user with same role i.e. user from editing or deleting each others records

@nickeax 3 жыл бұрын

Excellent lesson, thank you very much.

@DotNetCoreCentral 3 жыл бұрын

@Nick Fletcher, thanks for watching!

@xposedcadabiola.o111 4 жыл бұрын

Excellent explanation. Thank you very much.

@DotNetCoreCentral 4 жыл бұрын

Thanks

@Yusuf07HD 4 жыл бұрын

great works! Keep it up.

@DotNetCoreCentral 4 жыл бұрын

Muhammad Eakub thank you!

@johnnguyen1655 4 жыл бұрын

Very good tutorial on the subject. Thanks very much

@DotNetCoreCentral 4 жыл бұрын

@@johnnguyen1655 Thanks!

@nuwan099 8 ай бұрын

Great content! thank you!

@saurabhchauhan232 4 жыл бұрын

Suggestion: Video for when to use Transient, Scoped and Singleton would be really helpful. (on you realworld project experience :) )

@DotNetCoreCentral 4 жыл бұрын

@Saurabh Chauhan, thanks for watching, and thanks for the suggestion!

@syneticsolutions344 Жыл бұрын

Great video, thanks!

@DotNetCoreCentral Жыл бұрын

Glad you liked it!

@ataaact9375 4 жыл бұрын

great vid. but unrelated question, what 's the name of the extension that you're using to get when the code was committed last and by whom?

@KunalMukherjee3701 3 жыл бұрын

It comes by default in visual studio pro and enterprise, it's called git blame

@ataaact9375 3 жыл бұрын

@@KunalMukherjee3701 aha that's why I don't have it, I use community. Thanks for the reply!

@OsamaALSHABANi 4 жыл бұрын

good vide , but i have question , what if my Roles are created on the running of the Application , it should not be hard coded here specially when you are using RequireRole function

@DotNetCoreCentral 4 жыл бұрын

@Osama ALSHABANi, thanks for watching! For your question, roles are usually decided as part of the requirement gathering process, not so much as a part of runtime code. But if you have a scenario where roles are created dynamically, in that case, you cannot use it this way for sure.

@yanchenru 3 жыл бұрын

First of all, great video. Got a quick question, at 16:58, you replaced the previous policy "AdminAndPowerUser" with the new one "EmployeeWithMoreThan20Years". What if I want to keep the previous one as well, so a user who is an Admin but has worked less than 20 years can still have the access? Could you please help to explain how to implement that? Thanks very much.

@DotNetCoreCentral 3 жыл бұрын

@Chenru Yan, I am not 100% sure, I will have to try it out, but the easiest solution I can think of is creating a new policy to cover all the scenarios.

@yanchenru 3 жыл бұрын

@@DotNetCoreCentral Thanks for your reply. For the new policy, does that mean a new handler will be created to check if the user belongs to Admin or PowerUser or has worked more than 20 years? That feels like repeating what already have been done in the other two policies. Just curious is possible in the Startup.cs file, do something such as options.AddPolicy("Combined", policy => policy.Add("AdminAndPowerUser", "EmployeeWithMoreThan20Years")); I am quite new to ASP.NET, please bear with all my naive questions.

@DotNetCoreCentral 3 жыл бұрын

@@yanchenru This post in stack overflow should help you with your requirement: stackoverflow.com/questions/35609632/asp-net-5-authorize-against-two-or-more-policies-or-combined-policy

@yanchenru 3 жыл бұрын

@@DotNetCoreCentral Thank you for the information, it is very helpful.

@DotNetCoreCentral 3 жыл бұрын

@@yanchenru you are welcome!

@sav4384 3 жыл бұрын

how can we fetch roles from db and use in handler

@DotNetCoreCentral 3 жыл бұрын

@saveen gs, it should be just like any other place where you access the database. You do it from the middleware for authentication.

@sav4384 3 жыл бұрын

@@DotNetCoreCentral thankq

@yogeswarank 3 жыл бұрын

Thank you very much. Can you also make a video on how to change the user claim after the user is logged in. Need a flexibility to refresh the claims of the user without asking him to log out and login again.

@DotNetCoreCentral 3 жыл бұрын

@yoges waran, thanks for watching the video! If I understand your requirement correctly, what you are looking for is the refresh token implementation. I have done a video on the same here: kzbin.info/www/bejne/bXuzaIlrbr1kqc0 Please take a look and let me know if this serves your purpose.

@elioscipioni8908 3 жыл бұрын

thanks for sharing, great video!!

@DotNetCoreCentral 3 жыл бұрын

@Elio Scipioni, thanks for watching!

@trinhnv1205 3 жыл бұрын

very helpful

@DotNetCoreCentral 3 жыл бұрын

@Nguyễn Văn Trình, thanks for watching!

@karenj5880 4 жыл бұрын

Thank you!

@DotNetCoreCentral 4 жыл бұрын

@Karen D, thanks for watching!

@karenj5880 4 жыл бұрын

@@DotNetCoreCentral It was very straight forward and to the point, answered exactly what I was looking for!

@DotNetCoreCentral 4 жыл бұрын

@@karenj5880 glad this video could help!

@genotypek6133 3 жыл бұрын

My friend it's authorization not authentication. You can authenticate yourself with bearer token, cookie etc. - just to tell who you are. You can authorize yourself with policies or roles - check if you're allowed to do something.