May 17, 2018 08:27 PM|PatriceSc|LINK
If not done already try
It might seem a bit overkill but IMO it is quite nice for understanding the ASP.NET Identity architecture. You'll also notice that you don't have to use everything. You can pick whatever is needed and add progressively.
http://benfoster.io/blog/asp-net-identity-role-claims are applied to all users being in this role.
For the authorization part have a look at
https://docs.microsoft.com/en-us/aspnet/core/security/authorization/?view=aspnetcore-2.0 if not done already. My understanding is that:
- all is based on policies that allow you to express pretty much everything (i.e. my creepy page is available if the user is over 21 past 22 PM)
- claims and roles (not outdated) are implemented on top of policies and usable out of the box if this is what you need
- it's not exclusive, you can combine all this if your app needs it
- plus you also have an imperative resource-based API that you could use to check if a user, for a given "document", is allowed to perform any operation you could define
For now I'm exploring that when enriching .NET 4.x to ease further migration. My understanding is that it could even be usable starting with 4.6.2 (.NET Standard 2).
If you need further help, try to focus on a single subject and be done with that before moving to the next, as it is a bit hard to address too many questions in a single response.
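
The "over 21, past 22:00" policy mentioned in the post above, written as an ASP.NET Core custom requirement and handler. This is an added example, not part of the original post; the names `LateNightAdultRequirement`, `LateNightAdultHandler`, `AddLateNightPolicy` and the policy name `"LateNightAdults"` are hypothetical, and it assumes the user's birth date is issued as a `ClaimTypes.DateOfBirth` claim.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// The requirement carries only data; the handler below holds the logic.
public class LateNightAdultRequirement : IAuthorizationRequirement
{
    public int MinimumAge { get; } = 21;
    public TimeSpan OpensAt { get; } = new TimeSpan(22, 0, 0); // 22:00 until midnight
}

public class LateNightAdultHandler : AuthorizationHandler<LateNightAdultRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, LateNightAdultRequirement requirement)
    {
        var claim = context.User.FindFirst(ClaimTypes.DateOfBirth);
        // Missing or malformed claim: never call Succeed, so the policy fails closed.
        if (claim == null || !DateTime.TryParse(claim.Value, CultureInfo.InvariantCulture,
                DateTimeStyles.None, out var dob))
            return Task.CompletedTask;

        var now = DateTime.Now; // server-local time, not a value supplied by the client
        var age = now.Year - dob.Year;
        if (dob.Date > now.Date.AddYears(-age)) age--; // birthday not reached yet this year

        if (age >= requirement.MinimumAge && now.TimeOfDay >= requirement.OpensAt)
            context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

public static class AuthorizationSetup
{
    // Call from Startup.ConfigureServices: services.AddLateNightPolicy();
    public static void AddLateNightPolicy(this IServiceCollection services)
    {
        services.AddAuthorization(options =>
            options.AddPolicy("LateNightAdults", policy =>
                policy.RequireAuthenticatedUser()
                      .AddRequirements(new LateNightAdultRequirement())));
        services.AddSingleton<IAuthorizationHandler, LateNightAdultHandler>();
    }
}
```

A controller or action then opts in with `[Authorize(Policy = "LateNightAdults")]`; the same requirement can be checked imperatively through `IAuthorizationService.AuthorizeAsync` when the decision depends on a specific resource.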