Last post Jun 28, 2017 08:35 AM by Cathy Zou
Jun 27, 2017 01:29 AM|degt
So far I have been working with Roles for authorization but that is not very versatile when you want to dynamically assign permissions without having to define or update roles and have to recompile when a new permission is added or required.
Therefore I was looking to use Claims to be able to define a set of permissions like "can edit news feed, can add news article, can delete users", etc. I wanted to be able to have some sort of permissions controller from which I could dynamically grant or revoke permissions to a user or role. So basically having a pool of permissions that could be granted or revoked.
But when I looked at the Identity tables in ASP.NET Core 1.1 I quickly noticed that one could not create independent "stock" claims that I could assign to my heart's content. It is only possible to define a claim associated to a user or a role. And so, if I have a set of claims that by force I have to associate to a RoleId then I might as well simply authorize based on the role rather than check on a specific claim, so what is the advantage?
Jun 28, 2017 08:35 AM|Cathy Zou
Claims can contain information about the user, roles or permissions, which is useful for building a flexible authorization model. A token contains one or more claims, and every claim contains some specific information. The token is digitally signed by the token issuer when it's created, so that it can be verified at the receiver end. A token can also contain additional information, e.g. an expiry date or id.
Claims-based authorization encourages you to have a clean separation of business and authorization code – and that’s much better than sprinkling role checks all over your code base.
The claims-based identity mechanism can be used to build the authentication and authorization process in an application.
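An added example, not part of either post above, of the permission-pool approach the thread discusses: code checks a permission claim through a policy, while the permission is granted to a role as data. The claim type `permission`, the permission strings and the class names are assumptions, as is the default ASP.NET Core Identity behaviour of copying a role's claims onto its members' principal at sign-in.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
// Assumed names: the claim type and permission strings are illustrative.
public static class Permissions
{
    public const string ClaimType = "permission";
    public const string EditNewsFeed = "news.feed.edit";
    public const string DeleteUsers = "users.delete";
}

public class PermissionRequirement : IAuthorizationRequirement
{
    public PermissionRequirement(string permission) { Permission = permission; }
    public string Permission { get; }
}

public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        // Default deny: the requirement is met only if the principal carries the claim.
        if (context.User.HasClaim(Permissions.ClaimType, requirement.Permission))
            context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

public static class PermissionSetup
{
    // Call from Startup.ConfigureServices: one policy per permission, named after it.
    public static void AddPermissionPolicies(this IServiceCollection services)
    {
        services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
        services.AddAuthorization(options =>
        {
            foreach (var p in new[] { Permissions.EditNewsFeed, Permissions.DeleteUsers })
                options.AddPolicy(p, b => b.AddRequirements(new PermissionRequirement(p)));
        });
    }

    // Runtime grant: stores the permission as a role claim (RemoveClaimAsync revokes it).
    public static Task<IdentityResult> GrantAsync<TRole>(
        RoleManager<TRole> roles, TRole role, string permission) where TRole : class
        => roles.AddClaimAsync(role, new Claim(Permissions.ClaimType, permission));
}
```

Controllers then use `[Authorize(Policy = Permissions.EditNewsFeed)]` and never name a role, so moving a permission between roles is a data change rather than a code change. A revoked permission stays in an already-issued cookie until the principal is rebuilt, for example at the next sign-in.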