ASP NET Core role based authorization

Подписаться 829 тыс.

Просмотров 111 тыс.

50% 1

Role based authorization in asp.net core
Healthy diet is very important for both body and mind. We want to inspire you to cook and eat healthy. If you like Aarvi Kitchen recipes, please support by sharing, subscribing and liking.
/ @aarvikitchen5572
Text version of the video
csharp-video-tutorials.blogsp...
Slides
csharp-video-tutorials.blogsp...
ASP.NET Core Text Articles & Slides
csharp-video-tutorials.blogsp...
ASP.NET Core Tutorial
• ASP.NET core tutorial ...
Angular, JavaScript, jQuery, Dot Net & SQL Playlists
ru-vid.com...
Authentication and Authorization in ASP.NET Core
Authentication is the process of identifying who the user is.
Authorization is the process of identifying what the user can and cannot do.
Authorization in ASP.NET Core MVC is controlled through the AuthorizeAttribute
ASP.NET Core Simple Authorization
When the Authorize attribute is used in it's simplest form, without any parameters, it only checks if the user is authenticated. This is also called simple authorization.
[Authorize]
public class SomeController : Controller
{
}
We discussed simple authorization in detail in Part 71 of ASP.NET Core tutorial.
Role Based Authorization in ASP.NET Core
Role-based authorization checks can be applied either against a controller or an action within a controller.
Role Based Authorization Example
Only those users who are members of the Administrator role can access the actions in the AdministrationController
[Authorize(Roles = "Administrator")]
public class AdministrationController : Controller
{
}
Multiple Roles Example
Multiple roles can be specified by separating them with a comma. The actions in this controller are accessible only to those users who are members of either Administrator or User role.
[Authorize(Roles = "Administrator,User")]
public class AdministrationController : Controller
{
}
Multiple Instances of Authorize Attribute
To be able to access the actions in this controller, users have to be members of both - the Administrator role and the User role.
[Authorize(Roles = "Administrator")]
[Authorize(Roles = "User")]
public class AdministrationController : Controller
{
}
Role Based Authorization Check on a Controller Action
Members of the Administrator role or the User role can access the controller and the ABC action, but only members of the Administrator role can access the XYZ action. The action Anyone() can be accessed by anyone inlcuding the anonymous users as it is decorated with AllowAnonymous attribute.
[Authorize(Roles = "Administrator, User")]
public class AdministrationController : Controller
{
public ActionResult ABC()
{
}
[Authorize(Roles = "Administrator")]
public ActionResult XYZ()
{
}
[AllowAnonymous]
public ActionResult Anyone()
{
}
}

Наука

Опубликовано:

22 июл 2019

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 49

@carlsonaaron78 4 года назад

Great tutorials! Thank you!

@nguyentam5030 5 лет назад

Prefect, thanks Sir

@eduardorabanal2803 4 года назад

great explanation, thank you very much

@kristiyanivanov7414 2 года назад

Thank you, Kud. The last slide was especially helpful.

@sakthir3892 5 лет назад

Nice Explaination sir...

@jjque322 Год назад

great!!!!

@wrisheeshorola5772 3 года назад

Very useful content. I had a queries about this role base authorization.. Can we put this authorization with roles for an action or controller dynamically instead of decorating hard coded Authorize attribute with its role. Cause role may varies or newly created in that case if I had a mechanism to set that role dynamically for any action or controller where ever I want..

@satyamprakash6917 4 года назад

Great tutorial sir. Just want to ask what if i have to add authorization dynamically i.e i dont want to change code when i created a new role on controller level. what should i do? thanks for advance.

@sandeepna804 4 года назад

hi Venkat, how do we make sure that the logged in user can only modify own resources and not other resources in asp.net core web api?

@useruser-pq9nl 2 года назад

Thank you so much

@SIRASIFJALAL 4 года назад

I wrotem [Authorize Role="admin"] my application does not specify who the admin is. what happened behind the scene? means where and how our application does compare this admin to the admin store in database?

@learntolearn7502 5 лет назад

wonderful as usual Venkat. will you explain partial views in the upcoming videos?

@Csharp-video-tutorialsBlogspot 5 лет назад

Eglal - 100%. We will cover partial views as well. Thank you for the great suggestion.

@pavankogpayana 4 года назад

hi venkat, how the [Authorize] attribute determine whether the user is Admin or something else without any query or code?

@rayt6867 5 лет назад

Are you going to show how an Admin can do CRUD operation for users? Thank you very much for this excellent series.

@Csharp-video-tutorialsBlogspot 5 лет назад

Hello Ray - Yes we will cover all the CRUD operations of users in the AspNetUsers identity database table. Please stay tuned.

@rayt6867 5 лет назад

@@Csharp-video-tutorialsBlogspot Thanks very much!

@taiwobabalola4188 5 лет назад

How do you make this dynamic? That is setting the access level on UI that can only be accessed by admin only. Excellent job u are doing here. Well appreciated

@shantikontho 5 лет назад

sir how can i set roles name dynamically ? here u are set hard code role name.

@ranaranjan3581 5 лет назад

when it will be completed

@arbandyrmishi7151 4 года назад

Hello Kudvenkat, thank you very much for your videos. I have a problem with Role Based Authorization. When i insert [Authorize(Roles = "Admin")] in my AdminController and run the application. After logging and trying to navigate in /admin/listroles it redirect me back to the Login Page. (a continuous loop redirection to the login page). If i remove [Authorize(Roles = "Admin")] from AdminController everything works perfectly. Can you help me please!! Thanks in advance and have a nice day.

@katarinasimic7614 4 года назад

I have the same problem. Have you solved it yet?

@katarinasimic7614 4 года назад

app.UseAuthentication(); app.UseAuthorization(); use is this order

@arbandyrmishi7151 4 года назад

@@katarinasimic7614 sorry for the late reply, I only read your answer now. I confirm that the problem lay in the writing order of: app.UseAuthentication(); app.UseAuthorization();

@tranghuynh3142 4 года назад

same problem and i have done with your solution. Thanks!

@rupeshkhatri5296 3 года назад

@@katarinasimic7614 thank you :)

@sameerkanitkar 2 года назад

I need an Help Sir. How can I enable Controller changes at running mode

@shahidwani6445 5 лет назад

Sir, make a video on view components also

@Csharp-video-tutorialsBlogspot 5 лет назад

Sure Shahid - We will discuss .NET Core View Components in detail in our upcoming videos. Thank you for the suggestion.

@lebohangolifant6348 3 года назад

Do you have the video where you show how the project was created step by step?

@rupeshkhatri5296 3 года назад

it's the whole playlist from the begining you can find in his playlists

@MrSyedimranbasha 4 года назад

Great videos. It would be great if you can help with download the code/project used in these videos. Can you please tell me how I can download the code the same ?

@naodagere8210 4 года назад

Can be found at drive.google.com/drive/folders/1z49q-8xkKu8N8VjdemYKTs_4IbzBeLWM

@kimhongsieng6457 5 лет назад

Hi do you will have a video for dynamic authorization?

@Csharp-video-tutorialsBlogspot 5 лет назад

Hello Kimhong - Can you please explain what you mean by dynamic authorization and we will surely cover in our upcoming videos.

@kimhongsieng6457 5 лет назад

Thanks

@kimhongsieng6457 5 лет назад

As your video on the role bases authorization, the role is hard coded. How about role which get from databases?

@drakZes 3 года назад

Good explanation, but it would help that at the start of your video inform people that in this video you will not show people how to setup roles. That is what I am looking for.

@jollyjumbuck1562 3 года назад

If you haven't already seen it: Create User roles ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-TuJd2Ez9i3I.html

@dotnetdevni 4 года назад

I have done the same but always getting access denied

@MrFalcon58199 3 года назад

try re-login

@wibisonoindrawan5756 3 года назад

me too relogin does not solve the issue

@ramazanorhan4559 3 года назад

how can I reach that application can you send link that application

@Csharp-video-tutorialsBlogspot 3 года назад

Hello Ramazan - You can find the source code and set up instructors on the following page. Hope this helps. csharp-video-tutorials.blogspot.com/2019/11/aspnet-core-mvc-course-wrap-up.html

@ramazanorhan4559 3 года назад

@@Csharp-video-tutorialsBlogspot thanks

@hellosaqhellosaq 4 года назад

how your page redirecting to AccessDenied page? Mine is redirecting to 404 page. Thanks in advance

@Csharp-video-tutorialsBlogspot 4 года назад

Hmm - Not entirely sure why it's going to 404 page. Can you give me a bit more context on what you are trying to do. In general as you might already know, asp.net core automatically redirects to /Account/AccessDenied path if we try to access a resource which we are not allowed to access. I have a feeling you might not have either AccessDenied action in the AccountController or the AccessDenied view in /Views/Account folder. It will be great if you let me know how you are getting along in fixing this.