Read a lot of Jon's blog as he has stuff on EF Core even the MSDN doesn't. What I slowly learned moving into more and more complex projects is that there isn't any standard -- as much as we want that perfect, clean solution we also are restricted on time. There is almost never a solution that doesn't make you worry about the downsides.
I realized this too as I gain more and more experience. In software development there's no one size fits all, there will always be a case where a monolith will be better than microservices or when a basic jquery web application will be better suited than a React web app. The only thing you can do is to always have an open mind and be ready to acknowledge that what you learned yesterday might be obsolete or that it just doesn't fit the current project.
This is really cool... I worked on a similar system and we used bitwise addition to give permissions... This is much cleaner and more descriptive... I've also used bit-arrays in other cases...
Great idea, however i believe authorization should not be part of MVC pipeline. It should be handled by some internal in app logic. such as an internal decorator for a command in CQRS world.
@@kooraiber That way you can attach authorization to logical parts of code, such as a command or a query. rather than attaching authorization logic to a group of commands and queries (which basically what an mvc action is).
Are there any library I can use for that like Asp.Net Core Identity or do I have to create everything from scratch ? Cause I know it would mess up my clean architecture if I use it but don't really wanna spend days just for authorization. Is it a good idea to create a separate identity web application and to make API calls inside my commands and queries ?
