All your videos are right on time 🤩 We use Microsoft Entra ID for authentication. However, we plan on building our own access control API and make use of claims transformations. We use Redis as cache.
Great video. I just have one question: if I need to access the database in the claims transformation process, where should I do it? In the implementation of IClaimsTransformation interface, or in the permission provider class?
I would love to have middleware that can consume the first part of a url param to determine authorization… api/{departmentid}/{createorder}, now we have to determine authorization in endpoint itself.
great video, but in this case the normal user has the same permission than a user with a standard plan, he or she just need to be registered, even tough it was a great concept, you take the CreateScope and GetRequiredSerrvice from my comment?
interesting solution. the problem is that that this only works in a monolith. if you have 2 apis 1 .net and 1 python, then this logic will not work here. rather i think permissions should be part of the access token claims. in this way it won't matter what programming language I'm using, I'll be able to extract the permissions from the access token
Or they can both run the same logic and get the claims? In fact, you can cache the results in a distributed cache so the other API doesn't have to do any work
The setup process for using Minimal API in production is tiresome. It's either Controllers or FastEndpoints, one of the best libraries in the ecosystem right now. FastEnpoints is what minimal API’s should have been.
Want to master Clean Architecture? Go here: bit.ly/3PupkOJ
Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt
All your videos are right on time 🤩
We use Microsoft Entra ID for authentication. However, we plan on building our own access control API and make use of claims transformations. We use Redis as cache.
I think this will be a great fit for your use case. Will you use Roles/Permissions, Policies?
@@MilanJovanovicTech Policy-based authorization with permissions.
Roles and Groups would be managed by our Access Control API.
Great work, what is the advantages compared to adding claims directly into jwt?
Smaller JWTs
Great video. I just have one question: if I need to access the database in the claims transformation process, where should I do it? In the implementation of IClaimsTransformation interface, or in the permission provider class?
It's all the same. I'd put that in a service that I will resolve from the IClaimTransformation impl.
He stated at 6:28 that you could replace GetSubscription with an API or Database call.
Inventory management with redis. I like you with it
Interesting for shopping carts also
Excellent video! I learned a lot from you today :)
Glad to hear it!
Does this work well with dynamic claims? Let’s say a CreateOrder Claim but said user can only create them for his department
I think you'd need to have auth in the use case as well
I would love to have middleware that can consume the first part of a url param to determine authorization… api/{departmentid}/{createorder}, now we have to determine authorization in endpoint itself.
@@EvekoShadow That's resource-based authorization, which is a bit different.
Great content as always 💯
Appreciate that!
great video, but in this case the normal user has the same permission than a user with a standard plan, he or she just need to be registered, even tough it was a great concept, you take the CreateScope and GetRequiredSerrvice from my comment?
It's a dummy example... The plan would be fetched from a database, for example.
@@MilanJovanovicTech ok i got it, great video thank for sharing your knowledge with us, i really appreciate it
interesting solution. the problem is that that this only works in a monolith.
if you have 2 apis 1 .net and 1 python, then this logic will not work here. rather i think permissions should be part of the access token claims. in this way it won't matter what programming language I'm using, I'll be able to extract the permissions from the access token
Or they can both run the same logic and get the claims? In fact, you can cache the results in a distributed cache so the other API doesn't have to do any work
How does this differ from ClaimsPrincipalFactory?
It's not an Identity concept
Sorry, but what should be stored in Infrastructure and Persistence?
Check here: ruclips.net/video/TQdLgzVk2T8/видео.html
@@MilanJovanovicTech There was nothing I needed
我想知道 Infrastructure 和 Presentation 中应该存储哪些内容?
Check this out: ruclips.net/video/TQdLgzVk2T8/видео.html
@@MilanJovanovicTech Sorry, but what should be stored in Infrastructure and Persistence?
Thanks Milan
Any time! :)
Thanks best video!
Glad you liked it!
Good video
Glad you enjoyed!
Really good video, except i dislike minimal api, but other than that great.
Thanks. Why do you not like Minimal APIs?
Its only about adapting to change😊
The setup process for using Minimal API in production is tiresome. It's either Controllers or FastEndpoints, one of the best libraries in the ecosystem right now. FastEnpoints is what minimal API’s should have been.
I want to know as much as you
One video at a time :)