ASP.NET Core role based authorization


Authentication and Authorization in ASP.NET Core

Authentication is the process of identifying who the user is.

Authorization is the process of identifying what the user can and cannot do.

Authorization in ASP.NET Core MVC is controlled through the AuthorizeAttribute.

ASP.NET Core Simple Authorization

When the Authorize attribute is used in its simplest form, without any parameters, it only checks if the user is authenticated. This is also called simple authorization.

[Authorize]
public class SomeController : Controller
{
}

We discussed simple authorization in detail in Part 71 of ASP.NET Core tutorial.

Role Based Authorization in ASP.NET Core

Role-based authorization checks can be applied either against a controller or an action within a controller.

Role Based Authorization Example

Only those users who are members of the Administrator role can access the actions in the AdministrationController.

[Authorize(Roles = "Administrator")]
public class AdministrationController : Controller
{
}

Multiple Roles Example

Multiple roles can be specified by separating them with a comma. The actions in this controller are accessible only to those users who are members of either the Administrator role or the User role.

[Authorize(Roles = "Administrator,User")]
public class AdministrationController : Controller
{
}

Multiple Instances of Authorize Attribute

To be able to access the actions in this controller, users have to be members of both the Administrator role and the User role.

[Authorize(Roles = "Administrator")]
[Authorize(Roles = "User")]
public class AdministrationController : Controller
{
}

Role Based Authorization Check on a Controller Action

Members of the Administrator role or the User role can access the controller and the ABC action, but only members of the Administrator role can access the XYZ action. The action Anyone() can be accessed by anyone, including anonymous users, as it is decorated with the AllowAnonymous attribute.

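[Authorize(Roles = "Administrator, User")]
public class AdministrationController : Controller
{
    // Covered by the controller-level check: Administrator or User
    public ActionResult ABC()
    {
        return View();
    }

    // Checked in addition to the controller-level attribute: Administrator only
    [Authorize(Roles = "Administrator")]
    public ActionResult XYZ()
    {
        return View();
    }

    // Skips the authorization checks, so anonymous users can reach it
    [AllowAnonymous]
    public ActionResult Anyone()
    {
        return View();
    }
}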
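
The role rules described above (a comma-separated list means any one of the roles, stacked attributes mean all of them), as an added console example that is not code from the tutorial or from ASP.NET Core itself. IsAllowed, UserWithRoles, Show and the "DemoCookie" authentication type are hypothetical names; the model assumes roles are read from the user's role claims through ClaimsPrincipal.IsInRole.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Simplified model of the role checks; not ASP.NET Core source code.
static class RoleCheckDemo
{
    // Each string is the Roles value of one [Authorize] attribute that applies
    // to the action (controller-level and action-level attributes together).
    // Inside one attribute the roles are alternatives; every attribute must pass.
    public static bool IsAllowed(ClaimsPrincipal user, params string[] attributeRoles) =>
        attributeRoles.All(roles =>
            string.IsNullOrWhiteSpace(roles)
                ? user.Identity?.IsAuthenticated == true // plain [Authorize]
                : roles.Split(',')
                       .Select(r => r.Trim())
                       .Where(r => r.Length > 0)
                       .Any(user.IsInRole));

    // Constructed sample user. Roles are ordinary claims on the identity;
    // "DemoCookie" is a made-up authentication type that marks it authenticated.
    public static ClaimsPrincipal UserWithRoles(params string[] roles) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            roles.Select(r => new Claim(ClaimTypes.Role, r)), "DemoCookie"));

    static void Show(string label, bool allowed) =>
        Console.WriteLine($"{label,-45} {(allowed ? "allowed" : "denied")}");

    static void Main()
    {
        var admin = UserWithRoles("Administrator");
        var user = UserWithRoles("User");
        var both = UserWithRoles("Administrator", "User");
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        // One attribute, comma-separated list: either role is enough.
        Show("admin  -> Roles = \"Administrator,User\"", IsAllowed(admin, "Administrator,User"));
        // Two stacked attributes: both roles are required.
        Show("admin  -> stacked Administrator + User", IsAllowed(admin, "Administrator", "User"));
        Show("both   -> stacked Administrator + User", IsAllowed(both, "Administrator", "User"));
        // XYZ action: controller-level list plus action-level Administrator.
        Show("user   -> XYZ action", IsAllowed(user, "Administrator, User", "Administrator"));
        // Role claim values are compared as exact, case-sensitive strings.
        Show("casing -> Roles = \"Administrator\"", IsAllowed(UserWithRoles("administrator"), "Administrator"));
        // No role claims at all, so every role check fails.
        Show("anon   -> Roles = \"Administrator,User\"", IsAllowed(anonymous, "Administrator,User"));
    }
}
```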

Comments

great explanation, thank you very much

eduardorabanal

Thank you, Kud. The last slide was especially helpful.

kristiyanivanov

Very useful content. I had a query about this role based authorization. Can we put this authorization with roles on an action or controller dynamically, instead of decorating it with a hard-coded Authorize attribute and its role? Because roles may vary or be newly created, in that case I would like a mechanism to set the role dynamically for any action or controller, wherever I want.

wrisheeshorola

Hi Venkat, how do we make sure that the logged-in user can only modify their own resources and not other resources in an ASP.NET Core Web API?

sandeepna

Great tutorial, sir.
Just want to ask: what if I have to add authorization dynamically, i.e. I don't want to change code at the controller level when I create a new role? What should I do? Thanks in advance.

satyamprakash

Wonderful as usual, Venkat. Will you explain partial views in the upcoming videos?

learntolearn

I wrote [Authorize Role="admin"]; my application does not specify who the admin is. What happens behind the scenes? I mean, where and how does our application compare this admin to the admin stored in the database?

SIRASIFJALAL

Hi Venkat, how does the [Authorize] attribute determine whether the user is Admin or something else without any query or code?

pavankogpayana

Are you going to show how an Admin can do CRUD operation for users?
Thank you very much for this excellent series.

rayt

How do you make this dynamic? That is, setting the access level on a UI that can be accessed by admin only. Excellent job you are doing here. Well appreciated.

taiwobabalola

Sir, how can I set the role names dynamically? Here you have set hard-coded role names.

shantikontho

Hello Kudvenkat, thank you very much for your videos. I have a problem with Role Based Authorization. When I insert [Authorize(Roles = "Admin")] in my AdminController and run the application, after logging in and trying to navigate to /admin/listroles it redirects me back to the Login Page (a continuous redirection loop to the login page).
If I remove [Authorize(Roles = "Admin")] from AdminController everything works perfectly. Can you help me please!!
Thanks in advance and have a nice day.

arbandyrmishi

Sir, make a video on view components also.

shahidwani

I need help, Sir. How can I enable controller changes in running mode?

sameerkanitkar

Good explanation, but it would help if at the start of your video you informed people that in this video you will not show how to set up roles. That is what I am looking for.

drakZes

Do you have the video where you show how the project was created step by step?

lebohangolifant

Hi, will you have a video for dynamic authorization?

kimhongsieng

Great videos. It would be great if you could help with downloading the code/project used in these videos. Can you please tell me how I can download the code?

MrSyedimranbasha

I have done the same but am always getting access denied.

dotnetdevni

How can I reach that application?
Can you send a link to that application?

ramazanorhan