1

I am trying to use the [Authorize] attribute in an ASP.NET Core 2 Web API. It seems that the AuthorizeAttribute does not have a Users property (but does have Roles). What happened to this functionality? Is there a different way now? (I am using AD authentication, so my question may be moot if that is how I'm supposed to do it.)

Intensivist

1 Answer

0

It doesn't exist but you can achieve the same thing by:

a) Creating your custom authorize attribute. Read more about it in "How do you create a custom AuthorizeAttribute in ASP.NET Core?"

b) Creating a policy for those users. If you are going to have multiple actions assigned to the same users and they don't share the same role, you can create a policy. Check this out: https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.1

Francisco Goldenstein
  • OK. It also seems that creating custom roles requires a lot as well. Is it advisable to create a table in my database, access it from the controller, search for a user's permissions and use this information before proceeding with additional data CRUD? – Intensivist Sep 12 '18 at 12:23
  • Normally you set a list of roles as a string with the identity of the user. That way, you don't need to do a round trip to the database in order to authorize a user. – Francisco Goldenstein Sep 12 '18 at 12:30
  • I see that. But, unless I create custom roles that have meaning in my programming context, I have to use the Roles available to me in the AAD. Creating roles requires command lines and a fair amount of work. There's no Portal UI that lets you create a Role like "Librarian" or "LibraryUser". – Intensivist Sep 12 '18 at 12:32
  • I always create roles in my applications to have more control. – Francisco Goldenstein Sep 12 '18 at 14:27
  • OK. Which technique do you use? There seem to be a few command line opportunities. – Intensivist Sep 13 '18 at 09:51
  • I just create User, UserRole, UserUserRole tables, cache them and use them to enable/disable features inside each page. – Francisco Goldenstein Sep 13 '18 at 13:30
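Option (b) from the answer, sketched as an added example (not code from the answer or its commenters): a named policy whose requirement checks the caller's identity name against an explicit allow list, which takes the place of the missing `Users` property. The policy name `LibraryAdmins`, the class names and the `CONTOSO\...` accounts are hypothetical, and the example assumes authentication is already configured and that `Identity.Name` carries the account name in that form.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Requirement: the caller's identity name must be on an explicit allow list.
public class AllowedUsersRequirement : IAuthorizationRequirement
{
    public ISet<string> Users { get; }
    public AllowedUsersRequirement(params string[] users) =>
        // AD account names are case-insensitive, so compare them that way.
        Users = new HashSet<string>(users, StringComparer.OrdinalIgnoreCase);
}

public class AllowedUsersHandler : AuthorizationHandler<AllowedUsersRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, AllowedUsersRequirement requirement)
    {
        var identity = context.User?.Identity;
        // Fail closed: Succeed is never called for anonymous or unnamed callers.
        if (identity != null && identity.IsAuthenticated && identity.Name != null
            && requirement.Users.Contains(identity.Name))
            context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

public static class AuthorizationSetup
{
    // Call from Startup.ConfigureServices: services.AddLibraryPolicies();
    public static IServiceCollection AddLibraryPolicies(this IServiceCollection services)
    {
        services.AddSingleton<IAuthorizationHandler, AllowedUsersHandler>();
        return services.AddAuthorization(options =>
            options.AddPolicy("LibraryAdmins", policy => policy
                .RequireAuthenticatedUser()
                .AddRequirements(new AllowedUsersRequirement(
                    @"CONTOSO\alice", @"CONTOSO\bob")))); // constructed account names
    }
}

[Route("api/[controller]")]
[Authorize(Policy = "LibraryAdmins")] // used where [Authorize(Users = "...")] would have been
public class BooksController : Controller
{
    [HttpGet]
    public IActionResult Get() => Ok("allowed");
}
```

Keeping the allow list in one policy means the set of permitted accounts is changed in a single place rather than on each action, and any caller whose name is missing or not listed is denied.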