ASP NET Core role based authorization
- Published: 22 Jul 2019
- Role based authorization in asp.net core
Text version of the video
csharp-video-tutorials.blogsp...
Slides
csharp-video-tutorials.blogsp...
ASP.NET Core Text Articles & Slides
csharp-video-tutorials.blogsp...
ASP.NET Core Tutorial
• ASP.NET core tutorial ...
Angular, JavaScript, jQuery, Dot Net & SQL Playlists
ruclips.net/user/kudvenka...
Authentication and Authorization in ASP.NET Core
Authentication is the process of identifying who the user is.
Authorization is the process of identifying what the user can and cannot do.
Authorization in ASP.NET Core MVC is controlled through the AuthorizeAttribute.
ASP.NET Core Simple Authorization
When the Authorize attribute is used in its simplest form, without any parameters, it only checks if the user is authenticated. This is also called simple authorization.
[Authorize]
public class SomeController : Controller
{
}
We discussed simple authorization in detail in Part 71 of the ASP.NET Core tutorial.
Role Based Authorization in ASP.NET Core
Role-based authorization checks can be applied either against a controller or an action within a controller.
Role Based Authorization Example
Only those users who are members of the Administrator role can access the actions in the AdministrationController.
[Authorize(Roles = "Administrator")]
public class AdministrationController : Controller
{
}
Multiple Roles Example
Multiple roles can be specified by separating them with a comma. The actions in this controller are accessible only to those users who are members of either the Administrator role or the User role.
[Authorize(Roles = "Administrator,User")]
public class AdministrationController : Controller
{
}
Multiple Instances of Authorize Attribute
To be able to access the actions in this controller, users have to be members of both the Administrator role and the User role.
[Authorize(Roles = "Administrator")]
[Authorize(Roles = "User")]
public class AdministrationController : Controller
{
}
Role Based Authorization Check on a Controller Action
Members of the Administrator role or the User role can access the controller and the ABC action, but only members of the Administrator role can access the XYZ action. The action Anyone() can be accessed by anyone, including anonymous users, as it is decorated with the AllowAnonymous attribute.
[Authorize(Roles = "Administrator, User")]
public class AdministrationController : Controller
{
    // Inherits the controller-level check: Administrator or User
    public ActionResult ABC()
    {
        return View();
    }

    // Checked in addition to the controller-level attribute: Administrator only
    [Authorize(Roles = "Administrator")]
    public ActionResult XYZ()
    {
        return View();
    }

    // Skips the authorization checks, so anonymous users can reach it
    [AllowAnonymous]
    public ActionResult Anyone()
    {
        return View();
    }
}
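The rules above (comma-separated roles are OR, stacked attributes are AND), modelled as a small console program. This is an added example, not code from the video or the framework's source. RoleRulesDemo, SatisfiesAttribute, IsAllowed and the "DemoCookie" authentication type are made-up names, and it assumes role membership reaches the application as role claims on the signed-in user, which is what ClaimsPrincipal.IsInRole checks.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Illustrative model of the role rules described above; not the framework's source.
public static class RoleRulesDemo
{
    // One [Authorize(Roles = "A, B")]: names are split on commas and trimmed,
    // and membership in ANY one of them satisfies the attribute (OR).
    public static bool SatisfiesAttribute(ClaimsPrincipal user, string roles) =>
        roles.Split(',')
             .Select(r => r.Trim())
             .Where(r => r.Length > 0)
             .Any(r => user.IsInRole(r));

    // Stacked attributes (controller + action, or several on one class):
    // the user must be signed in and satisfy EVERY attribute (AND).
    public static bool IsAllowed(ClaimsPrincipal user, params string[] attributes) =>
        user.Identity?.IsAuthenticated == true &&
        attributes.All(a => SatisfiesAttribute(user, a));

    // Constructed sample user: role membership is carried as role claims.
    // "DemoCookie" is a made-up authentication type; any non-empty value
    // marks the identity as authenticated.
    static ClaimsPrincipal SignedIn(params string[] roles) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            roles.Select(r => new Claim(ClaimTypes.Role, r)), "DemoCookie"));

    public static void Main()
    {
        var users = new (string Name, ClaimsPrincipal User)[]
        {
            ("anonymous", new ClaimsPrincipal(new ClaimsIdentity())),
            ("User only", SignedIn("User")),
            ("Administrator only", SignedIn("Administrator")),
            ("Administrator + User", SignedIn("Administrator", "User")),
        };

        foreach (var (name, user) in users)
        {
            // ABC: controller attribute only. XYZ: controller + action attribute.
            bool abc = IsAllowed(user, "Administrator, User");
            bool xyz = IsAllowed(user, "Administrator, User", "Administrator");
            // Two stacked single-role attributes, as in the "multiple instances" case.
            bool both = IsAllowed(user, "Administrator", "User");
            Console.WriteLine($"{name,-22} ABC={abc} XYZ={xyz} both-roles={both}");
        }
    }
}
```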
Perfect, thanks Sir
Great tutorials! Thank you!
great explanation, thank you very much
Nice explanation sir...
Thank you, Kud. The last slide was especially helpful.
Very useful content. I had a query about this role-based authorization. Can we put this authorization with roles on an action or controller dynamically, instead of decorating it with a hard-coded Authorize attribute with its role? Because roles may vary or be newly created, in that case if I had a mechanism to set that role dynamically for any action or controller wherever I want..
Great tutorial sir.
Just want to ask: what if I have to add authorization dynamically, i.e. I don't want to change code when I create a new role on controller level? What should I do? Thanks in advance.
wonderful as usual Venkat. will you explain partial views in the upcoming videos?
Eglal - 100%. We will cover partial views as well. Thank you for the great suggestion.
hi Venkat, how do we make sure that the logged in user can only modify own resources and not other resources in asp.net core web api?
great!!!!
Are you going to show how an Admin can do CRUD operation for users?
Thank you very much for this excellent series.
Hello Ray - Yes we will cover all the CRUD operations of users in the AspNetUsers identity database table. Please stay tuned.
@Csharp-video-tutorialsBlogspot Thanks very much!
hi venkat, how the [Authorize] attribute determine whether the user is Admin or something else without any query or code?
How do you make this dynamic? That is setting the access level on UI that can only be accessed by admin only. Excellent job u are doing here. Well appreciated
I wrote [Authorize Role="admin"]; my application does not specify who the admin is. What happened behind the scenes? I mean, where and how does our application compare this admin to the admin stored in the database?
when it will be completed
Thank you so much
Sir, how can I set role names dynamically? Here you have set a hard-coded role name.
Sir, make a video on view components also
Sure Shahid - We will discuss .NET Core View Components in detail in our upcoming videos. Thank you for the suggestion.
Hello Kudvenkat, thank you very much for your videos. I have a problem with Role Based Authorization. When I insert [Authorize(Roles = "Admin")] in my AdminController and run the application, after logging in and trying to navigate to /admin/listroles it redirects me back to the Login page (a continuous redirect loop to the login page).
If i remove [Authorize(Roles = "Admin")] from AdminController everything works perfectly. Can you help me please!!
Thanks in advance and have a nice day.
I have the same problem. Have you solved it yet?
app.UseAuthentication();
app.UseAuthorization();
use in this order
@katarinasimic7614
sorry for the late reply, I only read your answer now. I confirm that the problem lay in the writing order of: app.UseAuthentication();
app.UseAuthorization();
same problem and i have done with your solution. Thanks!
@katarinasimic7614 thank you :)
I need help, Sir. How can I enable controller changes in running mode?
Hi, will you have a video on dynamic authorization?
Hello Kimhong - Can you please explain what you mean by dynamic authorization and we will surely cover in our upcoming videos.
Thanks
As in your video on role-based authorization, the role is hard-coded. How about roles which come from a database?
Do you have the video where you show how the project was created step by step?
it's the whole playlist from the begining
you can find in his playlists
Great videos. It would be great if you could help with downloading the code/project used in these videos. Can you please tell me how I can download the code?
Can be found at drive.google.com/drive/folders/1z49q-8xkKu8N8VjdemYKTs_4IbzBeLWM
Good explanation, but it would help that at the start of your video inform people that in this video you will not show people how to setup roles. That is what I am looking for.
If you haven't already seen it: Create User roles
ruclips.net/video/TuJd2Ez9i3I/видео.html
I have done the same but always getting access denied
try re-login
me too
relogin does not solve the issue
how can I reach that application
can you send link that application
Hello Ramazan - You can find the source code and setup instructions on the following page. Hope this helps.
csharp-video-tutorials.blogspot.com/2019/11/aspnet-core-mvc-course-wrap-up.html
@Csharp-video-tutorialsBlogspot thanks
How is your page redirecting to the AccessDenied page? Mine is redirecting to a 404 page. Thanks in advance.
Hmm - Not entirely sure why it's going to 404 page. Can you give me a bit more context on what you are trying to do. In general as you might already know, asp.net core automatically redirects to /Account/AccessDenied path if we try to access a resource which we are not allowed to access. I have a feeling you might not have either AccessDenied action in the AccountController or the AccessDenied view in /Views/Account folder. It will be great if you let me know how you are getting along in fixing this.
Need to add in your AccountController
[AllowAnonymous]
[HttpGet]
public IActionResult AccessDenied()
{
    return RedirectToAction("Login", "Account");
}
This is broken for 3.1