
[Source] Role-based Authorization

Posted on 2020-6-7 21:25:56
When an identity is created it may belong to one or more roles, for example Tracy may belong to the Administrator and User roles whilst Scott may only belong to the user role. How these roles are created and managed depends on the backing store of the authorization process. Roles are exposed to the developer through the IsInRole property on the ClaimsPrincipal class.

The new identity can belong to one or more roles, for example, Tracy can belong to the Administrator and User roles, while Scott can belong to the User role only. How these roles are created and managed depends on how the authorization process is stored. The IsInRole method of the ClaimsPrincipal class provides developers with how to use the role.

Adding role checks / Add role validation

Role based authorization checks are declarative - the developer embeds them within their code, against a controller or an action within a controller, specifying roles which the current user must be a member of to access the requested resource.

Role-based authentication is claim-based, which developers embed into their code, assigning roles to a controller or methods within it, specifying that users in a request must meet the corresponding membership requirements.

For example the following code would limit access to any actions on the AdministrationController to users who are a member of the Administrator group.

For example, the following code will restrict any method in the AdministrationController to be used only by being a member of the Administrator group.



You can specify multiple roles as a comma separated list;

You can add multiple assigned roles to a comma-split list:



This controller would be only accessible by users who are members of the HRManager role or the Finance role.

The controller will only be accessible to members of the HRManager role or the Finance role.

If you apply multiple attributes then an accessing user must be a member of all the roles specified; the following sample requires that a user must be a member of both the PowerUser and ControlPanelUser role.

If you use multiple attributes, the access user must be a member of all roles; the following example requires a user to be a member of both the PowerUser and ControlPanelUser roles.



You can further limit access by applying additional role authorization attributes at the action level;

You can use additional role authorization attributes at the method level to apply additional usage restrictions;




In the previous code snippet members of the Administrator role or the PowerUser role can access the controller and the SetTime action, but only members of the Administrator role can access the ShutDown action.

In the previous code snippet, members of the Administrator or PowerUser roles can use the controller and SetTime methods, but only members of the Administrator role can use the ShutDown method.

You can also lock down a controller but allow anonymous, unauthenticated access to individual actions.

You can also block a controller, but allow anonymous users to use separate methods without authorization.



Policy based role checks / Policy-based role checks

Role requirements can also be expressed using the new Policy syntax, where a developer registers a policy at startup as part of the Authorization service configuration. This normally takes part in ConfigureServices() in your Startup.cs file.

Roles can also be achieved by using a new policy syntax, where developers register a policy as part of the authorization service configuration in startup. This is usually added to the Startup.cs file's ConfigureServices().



Policies are applied using the Policy property on the AuthorizeAttribute attribute;

Implement the policy by using the Policy property on top of the AuthorizeAttribute property.



If you want to specify multiple allowed roles in a requirement then you can specify them as parameters to the RequireRole method;

If you want to specify multiple roles in a request, you can specify them as multiple parameters of the RequireRole method:



This example authorizes users who belong to the Administrator, PowerUser or BackupAdministrator roles.

The authorized user in this example will belong to the Administrator, PowerUser, or BackupAdministrator role.

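The role checks described in the post above, as an added example that is not part of the original post or of the documentation it mirrors: a console harness that passes AuthorizeAttribute sets through AuthorizationPolicy.CombineAsync, the step the framework uses to merge attributes, and evaluates each result against constructed users. It assumes the Microsoft.AspNetCore.Authorization, Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Logging packages; the users Pat and Kim, the helpers `Principal` and `InRoles`, and the policy name "ElevatedRights" are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

var services = new ServiceCollection();
services.AddLogging();
services.AddAuthorizationCore(options =>
    // Several roles in one RequireRole call mean "any of these"; the policy name is assumed.
    options.AddPolicy("ElevatedRights", policy =>
        policy.RequireRole("Administrator", "PowerUser", "BackupAdministrator")));
using var provider = services.BuildServiceProvider();
var authz = provider.GetRequiredService<IAuthorizationService>();
var policies = provider.GetRequiredService<IAuthorizationPolicyProvider>();

// Constructed sample identities; Pat and Kim are hypothetical additions.
ClaimsPrincipal Principal(string name, params string[] roles) =>
    new(new ClaimsIdentity(
        roles.Select(r => new Claim(ClaimTypes.Role, r))
             .Append(new Claim(ClaimTypes.Name, name)),
        authenticationType: "Constructed"));

var users = new[] { Principal("Tracy", "Administrator", "User"), Principal("Scott", "User"),
                    Principal("Pat", "PowerUser"), Principal("Kim", "PowerUser", "ControlPanelUser") };

// Hypothetical helper: the same object [Authorize(Roles = "...")] creates.
AuthorizeAttribute InRoles(string roles) => new() { Roles = roles };

var cases = new (string Label, AuthorizeAttribute[] Attributes)[]
{
    ("comma list: any listed role", new[] { InRoles("HRManager,Finance") }),
    ("stacked attributes: every role", new[] { InRoles("PowerUser"), InRoles("ControlPanelUser") }),
    ("SetTime: controller attribute", new[] { InRoles("Administrator, PowerUser") }),
    ("ShutDown: controller + action", new[] { InRoles("Administrator, PowerUser"), InRoles("Administrator") }),
    ("named policy", new[] { new AuthorizeAttribute { Policy = "ElevatedRights" } }),
};

foreach (var (label, attributes) in cases)
{
    // Merge the attributes into a single policy, then evaluate it for each user.
    var policy = await AuthorizationPolicy.CombineAsync(policies, attributes);
    foreach (var user in users)
    {
        var result = await authz.AuthorizeAsync(user, policy!);
        Console.WriteLine($"{label,-32} {user.Identity!.Name,-6} {(result.Succeeded ? "allow" : "deny")}");
    }
}
```

Of the four users, only Kim holds both roles required by the stacked case, and only Tracy holds the Administrator role that the ShutDown action adds on top of the controller-level check.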




 Landlord| Posted on 2020-6-7 21:36:01 |


If you want to apply only the last feature, that is:

You can add the following to the custom filter:


AllowMultiple

This attribute marks whether our custom features can be placed multiple times before the same program entity.
 Landlord| Posted on 2020-6-10 11:46:34 |