Implementing A Custom Authorization Handler In ASP.NET Core | Permission Authorization - Part 3


Authorization is an important topic to consider in an ASP.NET Core application. Along with authentication, it's the backbone of a reliable and secure application. In this video, I'm going to show you how to implement permission authorization. This is part 3 of a longer series on permission authorization, where I will show you how to implement a custom AuthorizationHandler to support authorizing endpoints using permissions.

Chapters
0:00 Defining a custom PermissionAuthorizationHandler
4:21 How to verify if the current User has the required Permission
6:07 Defining IPermissionService and using it to complete PermissionAuthorizationHandler
8:22 Adding the IPermissionService implementation
10:51 Configuring the required services
11:51 Adding the mystery component - PermissionAuthorizationPolicyProvider
15:01 Permission Authorization in action (finally)
Comments

If you had a dollar for every time I say _permission_ in this video, how rich would you be?

MilanJovanovicTech

Milan, you are one of the best content creators that I'm following from hundreds of others.... Loved this one.... Keep them coming....✌️

sushilb

Thank you, Milan! Every new video I learn new and new and new!!! I really appreciate what you are doing!

kirillhorn

Great video, Milan. I looked for a video like this in the past 6 months... Thank you

davittonoyan

Excellent topic.
Thank you very much Milan.

talkathiriify

This is so helpful!!!
Thank you Milan

adisilagy

I just wanted to thank you for everything that you are doing, your content is awesome and it helped me a lot. I think you deserve way more subscribers than you have :)
p.s. good luck, looking forward to video course series

dicusardenis

Every time I come to watch your video for a specific topic, I learn tons of other topics too.
Can you please make some videos about unit test and integration tests which are on a real project. Because I watched lots of videos about it, but still, I am stuck.

Thanks for that and stay awesome. 😊😊

fdyreog

Way to gooo! Keep them coming. Part 4? :)

nove

Thanks for the assist. Much needed help.

joshuakosamu

Great video Milan, thank you very much for this

acvinu

Awesome Milan, thank you a lot, may God bless you

tidianediallo

Great post Milan. In the past when I first time implemented permissions based RBAC I spent so much time to get content that gathered here in several videos.

One thing I noticed that might be improved in your example: in AuthorizationPolicyProvider you are getting the policy and if it's not null you are creating it. To avoid creating the policies all the time, I'd suggest taking the options from the constructor into a local variable and then slightly modifying GetPolicyAsync to:

    if (policy == null)
    {
        if (Enum.TryParse<PermissionId>(policyName, out var permissionId))
        {
            policy = new AuthorizationPolicyBuilder()
                .AddRequirements(new
                .Build();

            // Add policy to the AuthorizationOptions, so we don't have to re-create it each time
            options.Value.AddPolicy(policyName, policy);
        }
    }

megaporky
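
A thread-safe take on the policy caching suggested in the comment above, as an added example that is not the commenter's or the video's code. `PermissionRequirement`, `CachingPermissionPolicyProvider` and the enum members are assumed names; the cache lives in the provider because `AuthorizationOptions` keeps its policies in a plain, non-concurrent dictionary.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;

// Constructed sample permissions; PermissionId is the enum name used in the comment above.
public enum PermissionId { ReadMember = 1, UpdateMember = 2 }

// Assumed requirement type (its name is cut off in the comment's snippet).
public sealed class PermissionRequirement : IAuthorizationRequirement
{
    public PermissionRequirement(PermissionId permission) => Permission = permission;
    public PermissionId Permission { get; }
}

// Hypothetical provider name. Register it as a singleton so the cache is shared:
// services.AddSingleton<IAuthorizationPolicyProvider, CachingPermissionPolicyProvider>();
public sealed class CachingPermissionPolicyProvider : DefaultAuthorizationPolicyProvider
{
    // Generated policies are cached here rather than written back into
    // AuthorizationOptions while requests are being served concurrently.
    private readonly ConcurrentDictionary<PermissionId, AuthorizationPolicy> _cache = new();

    public CachingPermissionPolicyProvider(IOptions<AuthorizationOptions> options)
        : base(options) { }

    public override async Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
    {
        // Policies configured at startup take precedence.
        var configured = await base.GetPolicyAsync(policyName);
        if (configured is not null) return configured;

        // Enum.TryParse also accepts numeric strings such as "999";
        // Enum.IsDefined rejects values that are not declared permissions.
        if (!Enum.TryParse<PermissionId>(policyName, out var id) || !Enum.IsDefined(id))
            return null; // unknown policy: the framework reports "policy not found"

        // One immutable policy per permission, built once and reused.
        return _cache.GetOrAdd(id, static p => new AuthorizationPolicyBuilder()
            .AddRequirements(new PermissionRequirement(p))
            .Build());
    }
}
```

Keying the cache by the parsed enum value bounds its size to the number of declared permissions, whatever policy names are requested.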

The thing I was talking about before in other videos in this series was a third way to solve the problem you mentioned here at 4:30 (for authorization without calling the database and dealing with caches or storing all claims in the JWT token), which is using enum flags. This is a much faster and more flexible way to deal with this problem, and we can use a single value in the database or JWT tokens, instead of a list of permissions.

alirezanet
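
A sketch of the enum-flags approach described in the comment above, as an added example that is not the commenter's or the video's code. The `Permissions` members, the `FlagsPermissionRequirement` and `FlagsPermissionHandler` types and the `permissions` claim name are all assumptions.

```csharp
using System;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Constructed permission set: one bit per permission, so all grants fit in one number.
[Flags]
public enum Permissions : long
{
    None = 0,
    ReadMember = 1L << 0,
    UpdateMember = 1L << 1,
    DeleteMember = 1L << 2,
}

// Hypothetical requirement: every bit in Required must be granted.
public sealed class FlagsPermissionRequirement : IAuthorizationRequirement
{
    public FlagsPermissionRequirement(Permissions required) => Required = required;
    public Permissions Required { get; }
}

public sealed class FlagsPermissionHandler : AuthorizationHandler<FlagsPermissionRequirement>
{
    // Assumed claim name; the claim holds the bitmask as a decimal string, e.g. "3".
    public const string ClaimType = "permissions";

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, FlagsPermissionRequirement requirement)
    {
        var raw = context.User.FindFirst(ClaimType)?.Value;

        // Digits only: no sign, whitespace or hex. A missing or malformed claim,
        // or a requirement configured as None, grants nothing.
        if (requirement.Required != Permissions.None
            && long.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out var bits)
            && ((Permissions)bits & requirement.Required) == requirement.Required)
        {
            context.Succeed(requirement);
        }

        // Not calling Succeed leaves the requirement unmet, so the request is denied.
        return Task.CompletedTask;
    }
}
```

A bitmask carried in a token stays in effect until that token expires, so revoking a permission only takes hold once a new token is issued.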

Thank you, explained it beautifully. Have you combined this with Identity?

bilalmehrban

In the next video u will show how to put the permissions into the claimsidentity. The thing with JWTs is that once they're created u cannot update them.
How would u handle permission updates in this case?

Dustyy

Hi, Milan! Thanks for the video series, they help me to progress on my pet project
I've got a question: Why are AuthorizationHandlers defined in the Infrastructure project, and not in the Application project for instance? What's the logic behind that?

algernonloos

Hi Milan, just followed your video series through and your explanations of the various classes required to implement a full-featured custom authorization are superb and have saved me endless hours I'm sure! I wanted my permission model to be split into two elements e.g. Users with Author, Contributor and Viewer levels. To achieve this I have just concatenated the Permission and Level enums to create my policy name within the HasPermissionAttribute and then I deconstruct them in the policy provider to allow the correct creation of my permission requirement, do you think this is sensible?

andyhb

Flexible implementation of a complicated code, But Interesting

edgarvalcarcel

Good job! Will you look into resource-based authorisation?

justhobbes