Suggested Videos
Part 91 - Manage user roles in asp.net core identity | Text | Slides
Part 92 - Model binding not working on submitting razor view with foreach loop | Text | Slides
Part 93 - Manage user claims in asp.net core | Text | Slides
Introduction
In this video we will discuss Claims based authorization, i.e. using claims to make access control decisions.
Let's say we have the following 3 claims in our application.
- Create Role
- Edit Role
- Delete Role
To be able to DELETE a ROLE, the logged-in user must have the Delete Role claim, otherwise access should be denied.
Implementing Claims based authorization
There are 2 simple steps to implement Claims based authorization in asp.net core.
- Create a claims policy
- Use the policy on a controller or a controller action
Creating Claims Policy
Claims based authorization checks are policy based. We create a policy and include one or more claims in that policy. We then need to register the policy. Creating and registering a claims policy is typically done in one step in the ConfigureServices() method of the Startup class.
    services.AddAuthorization(options =>
    {
        options.AddPolicy("DeleteRolePolicy",
            policy => policy.RequireClaim("Delete Role"));
    });
- The options parameter type is AuthorizationOptions
- Use AddPolicy() method to create the policy
- The first parameter is the name of the policy and the second parameter is the policy itself
- To satisfy this policy's requirements, the logged-in user must have the Delete Role claim
The policy can then be used on a controller or a controller action.
    [HttpPost]
    [Authorize(Policy = "DeleteRolePolicy")]
    public async Task<IActionResult> DeleteRole(string id)
    {
        // Delete Role
    }
To be able to access the DeleteRole action, the logged-in user must have the Delete Role claim.
Adding Multiple Claims to Policy
To add multiple claims to a given policy, chain calls to the RequireClaim() method.
    services.AddAuthorization(options =>
    {
        options.AddPolicy("DeleteRolePolicy",
            policy => policy.RequireClaim("Delete Role")
                            .RequireClaim("Create Role")
        );
    });
To satisfy this policy's requirements, the logged-in user must have both claims.
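The following console program is an added example, not code from the original tutorial. It registers the two-claim DeleteRolePolicy shown above and evaluates it through IAuthorizationService against constructed users, so the policy can be checked without running the web application. The DeleteRoleValuePolicy name, the claim values and the sample users are assumptions made for illustration.

```csharp
// Added example. Assumes .NET 6+ and the NuGet packages Microsoft.AspNetCore.Authorization,
// Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Logging.
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

var services = new ServiceCollection();
services.AddLogging(); // the default IAuthorizationService takes an ILogger
services.AddAuthorizationCore(options =>
{
    // Policy from the tutorial: both claim types are required.
    options.AddPolicy("DeleteRolePolicy",
        policy => policy.RequireClaim("Delete Role")
                        .RequireClaim("Create Role"));

    // Hypothetical variant: the claim must also carry the value "true".
    options.AddPolicy("DeleteRoleValuePolicy",
        policy => policy.RequireClaim("Delete Role", "true"));
});

using var provider = services.BuildServiceProvider();
var authz = provider.GetRequiredService<IAuthorizationService>();

// Builds an authenticated principal from constructed (type, value) pairs.
static ClaimsPrincipal MakeUser(params (string Type, string Value)[] claims)
{
    var identity = new ClaimsIdentity("SampleAuth");
    foreach (var (type, value) in claims)
        identity.AddClaim(new Claim(type, value));
    return new ClaimsPrincipal(identity);
}

// Constructed sample users.
var users = new (string Name, ClaimsPrincipal Principal)[]
{
    ("delete only",         MakeUser(("Delete Role", "true"))),
    ("delete and create",   MakeUser(("Delete Role", "true"), ("Create Role", "true"))),
    ("delete set to false", MakeUser(("Delete Role", "false"), ("Create Role", "true"))),
};

foreach (var (name, principal) in users)
    foreach (var policyName in new[] { "DeleteRolePolicy", "DeleteRoleValuePolicy" })
    {
        var result = await authz.AuthorizeAsync(principal, policyName);
        Console.WriteLine($"{name,-20} {policyName,-22} {(result.Succeeded ? "allowed" : "denied")}");
    }
```

The third user carries Delete Role with the value false and still satisfies DeleteRolePolicy, because RequireClaim() called with only a claim type checks that a claim of that type is present and does not inspect its value. If claim values are meaningful in your application, pass the allowed values to RequireClaim() as the variant policy does.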
Dear Sir,
Claim/role based authorization is not reflecting immediately. How can I update the claims/roles identity value without logging out and back in?