Ben Collins

8 minute read

Motivation In my previous post, Practical Permission-based Authorization in ASP.NET Core, I tried to demonstrate how to implement a regime of permissions-based authorization without having to stuff it all into an ever-exploding list of roles, without abusing claims, and without having to roll your own framework-fighting implementation. Resource filters allow you to do this elegantly and still remain in harmony with the framework. However, I may have been too terse. I got a couple questions and a request for a working example, which seemed like a reasonable request, so that what this post is about.

Ben Collins

3 minute read

ASP.NET Core applications are configured using the Configure and optionally, the ConfigureServices methods of the startup class (typically Startup). ConfigureServices is used to set up the dependency injection container that ships with ASP.NET Core. The method signature looks like this: public void ConfigureServices(IServiceCollection services); That IServiceCollection instance is the developer’s surface area for configuring dependencies. Mvc can be configured like this: public class Startup { // … public void ConfigureServices(IServiceCollection services) { // …

Practical Permissions-based Authorization in ASP.NET Core MVC

Resource authorization implemented as TypeFilterAttribute-based attributes are an ideal way to implement permissions-based authorization in ASP.NET Core MVC.

Ben Collins

6 minute read

The New Identity framework As anyone following ASP.NET’s development in the last two years knows, ASP.NET Core has been released and there are a lot of changes. Gone are the days of IIS modules and handlers and the traditional ASP.NET pipeline. Instead, now we have a composable pipeline of delegates. Gone also are System.Web and much of the monolithic frameworks that often were used in web applications. The Identity framework is one that has also changed.