In this video we will discuss role-based authorization in ASP.NET Core.
Authentication and Authorization in ASP.NET Core
- Authentication is the process of identifying who the user is.
- Authorization is the process of identifying what the user can and cannot do.
- Authorization in ASP.NET Core MVC is controlled through the AuthorizeAttribute.
ASP.NET Core Simple Authorization
When the Authorize attribute is used in its simplest form, without any parameters, it only checks whether the user is authenticated. This is also called simple authorization.
[Authorize]
public class SomeController : Controller
{
}
We discussed simple authorization in detail in Part 71 of ASP.NET Core tutorial.
Role Based Authorization in ASP.NET Core
Role-based authorization checks can be applied either against a controller or an action within a controller.
Role Based Authorization Example
Only users who are members of the Administrator role can access the actions in the AdministrationController.
[Authorize(Roles = "Administrator")]
public class AdministrationController : Controller
{
}
Multiple Roles Example
Multiple roles can be specified by separating them with a comma. The actions in this controller are accessible only to users who are members of either the Administrator role or the User role.
[Authorize(Roles = "Administrator,User")]
public class AdministrationController : Controller
{
}
Multiple Instances of Authorize Attribute
To access the actions in this controller, users have to be members of both the Administrator role and the User role.
[Authorize(Roles = "Administrator")]
[Authorize(Roles = "User")]
public class AdministrationController : Controller
{
}
Role Based Authorization Check on a Controller Action
Members of the Administrator role or the User role can access the controller and the ABC action, but only members of the Administrator role can access the XYZ action. The Anyone() action can be accessed by anyone, including anonymous users, because it is decorated with the AllowAnonymous attribute.
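[Authorize(Roles = "Administrator, User")]
public class AdministrationController : Controller
{
    // Inherits the controller-level check: Administrator or User
    public ActionResult ABC()
    {
        return View();
    }

    // Adds a second check on top of the controller-level one: Administrator only
    [Authorize(Roles = "Administrator")]
    public ActionResult XYZ()
    {
        return View();
    }

    // Skips authorization, including the controller-level check
    [AllowAnonymous]
    public ActionResult Anyone()
    {
        return View();
    }
}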
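The combinations described above (comma-separated roles, multiple Authorize attributes, an action-level check and AllowAnonymous), modelled as an added console example that is not part of the original tutorial. It uses only System.Security.Claims rather than the MVC pipeline; RoleRules, Satisfies, CanAccess and MakeUser are hypothetical names, and the users are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Simplified model of the checks, not the framework's own code.
// Each string in "attributes" stands for one [Authorize(Roles = "...")].
static class RoleRules
{
    // One attribute: comma-separated names are trimmed and OR-ed together.
    static bool Satisfies(ClaimsPrincipal user, string roles) =>
        roles.Split(',').Select(r => r.Trim()).Any(r => user.IsInRole(r));

    // Stacked attributes (controller + action) must all pass (AND).
    // [AllowAnonymous] on the action skips every check.
    public static bool CanAccess(ClaimsPrincipal user, bool allowAnonymous,
                                 params string[] attributes) =>
        allowAnonymous ||
        (user.Identity?.IsAuthenticated == true &&
         attributes.All(a => Satisfies(user, a)));

    // Constructed user; a non-empty authentication type marks it as authenticated.
    public static ClaimsPrincipal MakeUser(params string[] roles) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            roles.Select(r => new Claim(ClaimTypes.Role, r)), "Constructed"));

    static void Main()
    {
        var users = new (string Name, ClaimsPrincipal Principal)[]
        {
            ("anonymous", new ClaimsPrincipal(new ClaimsIdentity())),
            ("User only", MakeUser("User")),
            ("Administrator only", MakeUser("Administrator")),
            ("both roles", MakeUser("Administrator", "User")),
        };
        var endpoints = new (string Name, bool Anonymous, string[] Attributes)[]
        {
            ("Roles = \"Administrator,User\"", false, new[] { "Administrator,User" }),
            ("two [Authorize] attributes", false, new[] { "Administrator", "User" }),
            ("ABC()", false, new[] { "Administrator, User" }),
            ("XYZ()", false, new[] { "Administrator, User", "Administrator" }),
            ("Anyone()", true, new[] { "Administrator, User" }),
        };
        foreach (var e in endpoints)
            foreach (var u in users)
                Console.WriteLine($"{e.Name,-30} {u.Name,-20} " +
                    (CanAccess(u.Principal, e.Anonymous, e.Attributes) ? "allowed" : "denied"));
    }
}
```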