asp.net-authorization

How to implement role authorization with custom database?

試著忘記壹切 提交于 2021-02-11 17:44:49
问题 I have an application which requires role authorization using custom database. The database is set up with a tblUsers table that has a reference to a tblRoles table. The users are also already assigned to their roles. I also want to use the [Authorize(Role = "RoleName")] attribute on each action to check if an authenticated user is assigned to "RoleName" in the database. I'm having a lot of trouble figuring out where I need to make a modification to the [Authorize] attribute so it behaves

ASP.NET CORE 2.2 authorization error redirect page

和自甴很熟 提交于 2021-01-29 13:20:28
问题 I wrote a Wep Application ASP NET CORE 2.2 in c# which uses the authorization. They work properly. When access is denied now the url is rewritten for example as follows: https://ebbwebdev.azurewebsites.net/Account/AccessDenied?ReturnUrl=%2FTelemetries and the page displayed is Error 404. I'm using ASP.NET Core Identity. How can I redirect access denied to a custom page? Thanks for your cooperation. 回答1: You can simply do as follows: public void ConfigureServices(IServiceCollection services) {

asp.net core - pass several parameters to custom authorization policy provider

喜夏-厌秋 提交于 2021-01-29 08:24:28
问题 I'm attempting to setup a custom policy provider in asp.net core. I need to pass in several custom authorization attributes to the provider but struggling with how to do so. I have it setup to accept one enum array currently and is working fine. However, I would like to add 2 more enum arrays as additional, optional parameters to the authorization attribute. Attribute as it is now: [LEMClaimAuthorize(new ELocation[] { ELocation.Indy, ELocation.Columbus })] Would like for it to work like so:

How to get user claims inside ASP Core 2 method without Authorize attribute?

限于喜欢 提交于 2021-01-27 12:09:34
问题 I have a method on an API that can be accessed anonymously. I want to use resource authorization to determine if the user has access. If the object is "public" than it can be accessed by anyone (including anonymous users). If the object is "private" than it can only be viewed by logged in users. This logic works fine if I have an authorize attribute on the method, but if not the User has no claims even when they are logged in. Is there a way to get the user's claims in a method without an

ASP.NET Core Custom Authorization

随声附和 提交于 2020-12-12 09:37:52
问题 I need to implement role based authorization on a .NET 5 API but the thing is that we don't want to decorate all the controllers with attributes and a list of roles, because all that configuration will come from either a config file (JSON) or an external service (TBD), in a way that roles will be mapped to controllers and actions and we would want to have something that centralizes all this logic, in a similar way we did before with Authentication Filters and Attributes. I've been reading

Dependency Injection on AuthorizationOptions Requirement in DotNet Core

删除回忆录丶 提交于 2020-08-01 03:57:09
问题 I have a .NET core project and am trying to create a custom policy using AuthorizationOptions as shown in the documentation located here: ASP.NET.Core Authorization - Dependency Injection in requirement handlers The examples show setting up an authorization requirement with 1 parameter - a simple int value. My custom requirement requires a string parameter as well as a DbContext object. I want to inject the DbContext into the requirement's constructor at runtime. I am using the Autofac

multi databases with own identity tables should connect with single web api and validate jwt token

江枫思渺然 提交于 2020-01-04 06:05:29
问题 i am working on a project which is same for several companies, so we have created different databases for different companies with same db structure, each db has it's own identity tables, roles based menus, role based access permission. I have written a single api to connect different databases based on username supplied. as all company logins with same login screen. we decide which db to connect by username passed on loginscreen. Example : 3 companies- abc.com,pqr.com,xyz.com single login

Implementing Authentication and role based authorization in ASP.NET MVC web API service and MVC client architecture

北战南征 提交于 2020-01-01 09:12:05
问题 I'm having hard time in deciding an approach while implementing Authentication/Authorization scenario for my Web API (Service) - MVC (client) architecture project. Even though i have implemented Custom token based authentication in Web API project, I'm finding it hard where exactly i should implement the authorization (In Client or in API itself). Architecture Overview : Projects Solution - | | __ ASP.NET Web API based REST service (Independently hosted on IIS at M/C 1) | | __ ASP.NET MVC

How to throw ForbiddenException in ASP.NET Core 2 Instead of using AccessDeniedPath

限于喜欢 提交于 2019-12-22 11:27:46
问题 I am working on an ASP.NET Core 2 web application. I am handling Access Denied page for [Authorize (roles OR policies)] pages. By default, Instead of showing the original URL and returning 403 status, ASP.NET Core 2.0 redirects the request to an AccessDenied page with status is 302 -> This is not what I want. Instead of redirecting AccessDenied page. I want ASP.NET Core throws my custom ForbiddenException exception so I can handle unauthorized accesses like I do for Unhandled exceptions. Here