Suggested Videos
Part 91 - Manage user roles in asp.net core identity | Text | Slides
Part 92 - Model binding not working on submitting razor view with foreach loop | Text | Slides
Part 93 - Manage user claims in asp.net core | Text | Slides
Introduction
In this video we will discuss claims-based authorization, i.e. using claims to make access control decisions.
Let's say we have the following 3 claims in our application.
- Create Role
- Edit Role
- Delete Role
To be able to DELETE a ROLE, the logged-in user must have Delete Role claim, otherwise access should be denied.
Implementing Claims based authorization
There are 2 simple steps to implement Claims based authorization in asp.net core.
- Create a claims policy
- Use the policy on a controller or a controller action
Creating Claims Policy
Claims are policy based. We create a policy and include one or more claims in that policy. We then need to register the policy. Creating and registering a claims policy is typically done in one step, in the ConfigureServices() method of the Startup class.
services.AddAuthorization(options =>
{
    options.AddPolicy("DeleteRolePolicy",
        policy => policy.RequireClaim("Delete Role"));
});
- The options parameter type is AuthorizationOptions
- Use AddPolicy() method to create the policy
- The first parameter is the name of the policy and the second parameter is the policy itself
- To satisfy this policy's requirements, the logged-in user must have the Delete Role claim
The policy can then be used on a controller or a controller action.
[HttpPost]
[Authorize(Policy = "DeleteRolePolicy")]
public async Task<IActionResult> DeleteRole(string id)
{
    // Delete Role
}
To be able to access the DeleteRole action, the logged-in user must have the Delete Role claim.
Adding Multiple Claims to Policy
To add multiple claims to a given policy, chain the RequireClaim() method calls.
services.AddAuthorization(options =>
{
    options.AddPolicy("DeleteRolePolicy",
        policy => policy.RequireClaim("Delete Role")
                        .RequireClaim("Create Role"));
});
To satisfy this policy's requirements, the logged-in user must have both claims.
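As an added example that is not part of the original post, the console program below registers the same two-claim policy through AddAuthorization() and evaluates it with IAuthorizationService, the service that [Authorize(Policy = ...)] relies on, against constructed users. It also shows that RequireClaim() with no values passes on claim type alone, so a second policy with allowed values is included for comparison; the names ClaimsPolicyCheck, BuildUser, Allowed and DeleteRolePolicyStrict are assumptions of this example.

```csharp
// Added example, not from the original post: checks the post's "DeleteRolePolicy"
// with IAuthorizationService (what [Authorize(Policy = ...)] uses) outside MVC.
// Assumes the ASP.NET Core shared framework (Authorization.Policy, Logging).
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

class ClaimsPolicyCheck
{
    static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // DefaultAuthorizationService needs an ILogger
        services.AddAuthorization(options =>
        {
            // Same two-claim policy as in the post: both claim types required.
            options.AddPolicy("DeleteRolePolicy",
                policy => policy.RequireClaim("Delete Role")
                                .RequireClaim("Create Role"));
            // RequireClaim(type) matches on claim type only, whatever the value,
            // so a "Delete Role" claim whose value is "false" still satisfies it.
            // Passing allowed values pins the check to claims with value "true".
            options.AddPolicy("DeleteRolePolicyStrict",
                policy => policy.RequireClaim("Delete Role", "true")
                                .RequireClaim("Create Role", "true"));
        });
        var authz = services.BuildServiceProvider()
                            .GetRequiredService<IAuthorizationService>();
        // Constructed sample users; the authentication type marks them signed in.
        var onlyDelete = BuildUser(("Delete Role", "true"));
        var both = BuildUser(("Delete Role", "true"), ("Create Role", "true"));
        var revoked = BuildUser(("Delete Role", "false"), ("Create Role", "false"));
        foreach (var name in new[] { "DeleteRolePolicy", "DeleteRolePolicyStrict" })
            Console.WriteLine($"{name}: onlyDelete={await Allowed(authz, onlyDelete, name)}, " +
                $"both={await Allowed(authz, both, name)}, revoked={await Allowed(authz, revoked, name)}");
    }

    static ClaimsPrincipal BuildUser(params (string Type, string Value)[] claims)
    {
        var identity = new ClaimsIdentity("TestAuth");
        foreach (var (type, value) in claims) identity.AddClaim(new Claim(type, value));
        return new ClaimsPrincipal(identity);
    }

    static async Task<bool> Allowed(IAuthorizationService authz, ClaimsPrincipal user, string policy)
    {
        var result = await authz.AuthorizeAsync(user, null, policy);
        return result.Succeeded;
    }
}
```

The onlyDelete user fails both policies, the both user passes both, and the revoked user passes the type-only policy but not the strict one.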
Dear Sir,
Claim/Role based authorization is not reflecting immediately. How can I update the Claims/Roles Identity value without logging out and back in?
Sir, if we have more than 20 claims, then we will need to create more than 20 policies, because each claim is used for different methods or maybe in different controllers?