If you are asking - how do I generate claims for controllers? watch this old, but gold video on reflection: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-cdG2JxuZvNI.html
Thank you Anton, beautifully done, as always. I would like to clear a thing in my mind. What is the difference *between* having an endpoint that hash a Tag/Identifier for accessing this endpoint (the way I understood it, is that is the permissionId what could also be a Guid.ToString()) *AND* an endpoint requiring a claim. The user will need to have *either* the claim *or* the "permissionId" to access the endpoint. The endpoint will statically always have some "demand". So, what is the "Dynamic" part here ? Is it that it is easier to Add/Remove permissions from DB instead of updating the claims from the User ? For example, the cookie cannot get updated, unless you re-sign-in. So essentially, what is the difference of having a user that has a claim that an endpoint demands, *and* having an endpoint that has some permissionIds and give those permissions to the user.
Dynamic is being fully configurable. Any endpoint any set of claims and then you can group claims in to roles and assign roles. Otherwise If you define which endpoints can be accessed by a role in code, if you want to change that it’s a code change.
@@RawCoding Thank you for the reply. So it is more "fine-grained" having a unique identifier for each endpoint and then assign this endpoint to the user, instead having a Policy (which consists of claims) that could be placed in more than 1 endpoints. Am I thinking in the right direction ?
Thank you very much for this video! I have a question tags attribute changes the way methods are displayed in swagger, is there any way to prevent tags from affecting it?
Hey man! so, i just started using minimal apis, and faced this problem as well. here is how you can make swagger ignore the permission tags. you can write your own GroupingFilter extending from IOperationFilter, inside that you can make it ignore the permission tags. then you just have to tell swagger to user your GroupingFilter like this: .AddSwaggerGen(c => { c.OperationFilter(); });
Yò stupid question here, but i guess those are the most important, how can i return a feedback to the client from this ? i saw you can add some fail reasons but i just get the html page as a result i did it like this if(user == null) { context.Fail(new AuthorizationFailureReason(this, "Your token expired!")); return Task.CompletedTask; }
@@RawCoding yeah i tried something like this byte[]bytes = Encoding.UTF8.GetBytes("Something went wrong buddy"); httpctx.Response.StatusCode = 405; httpctx.Response.ContentType = "application/json"; await httpctx.Response.Body.WriteAsync(bytes, 0, bytes.Length); but it doesn't seem to work i still get a 302 status and the html page as response :V
