Security

Ben Collins

8 minute read

Motivation In my previous post, Practical Permission-based Authorization in ASP.NET Core, I tried to demonstrate how to implement a regime of permissions-based authorization without having to stuff it all into an ever-exploding list of roles, without abusing claims, and without having to roll your own framework-fighting implementation. Resource filters allow you to do this elegantly and still remain in harmony with the framework. However, I may have been too terse. I got a couple questions and a request for a working example, which seemed like a reasonable request, so that what this post is about.

Practical Permissions-based Authorization in ASP.NET Core MVC

Resource authorization implemented as TypeFilterAttribute-based attributes are an ideal way to implement permissions-based authorization in ASP.NET Core MVC.

Ben Collins

6 minute read

The New Identity framework As anyone following ASP.NET’s development in the last two years knows, ASP.NET Core has been released and there are a lot of changes. Gone are the days of IIS modules and handlers and the traditional ASP.NET pipeline. Instead, now we have a composable pipeline of delegates. Gone also are System.Web and much of the monolithic frameworks that often were used in web applications. The Identity framework is one that has also changed.