ASP.NET Core - Roles vs Claims vs Policy

Подписаться 71 тыс.

Просмотров 97 тыс.

50% 1

In this video I attempt to give me interpretation and explanation of the roles, claims and policy implementations in asp.net core.
Project on github
github.com/T0shik/rolesvsclai...
Patreon 🤝 / raw_coding
Courses 📚 learning.raw-coding.dev
Shop 🛒 shop.raw-coding.dev
Discord 💬 / discord
Twitter 📣 / anton_t0shik
Twitch 🎥 / raw_coding
👉 Try Rider
www.jetbrains.com/store/redeem/
RD5K9-4TXXW-KMV3G-NYWSF-3ZSTP
More Information on the Roles, Claims and Policies.
Role based Authorization
docs.microsoft.com/en-us/aspn...
Claims based Authorization
docs.microsoft.com/en-us/aspn...
Policy based Authorization
docs.microsoft.com/en-us/aspn...
Good Stack Overflow Thread
stackoverflow.com/questions/2...

Опубликовано:

15 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 141

@RawCoding Год назад

UPDATED VIDEO: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-W5T6713KRzg.html

@TakuCoding 5 лет назад

Best intro lol

@RawCoding 5 лет назад

Rhank you, I try my best ))

@ManuelBasiri 4 года назад

Very original. Really liked it. Keep up the good work good dude.

@RawCoding 4 года назад

Thanks) glad you liked it

@viktorbelousov640 4 года назад

comment just for pay respect) Thank you for the video!

@RawCoding 4 года назад

Thank you for watching)

@mistrykam 2 года назад

Great explaination! The diagrams showing the difference between role (binary) and claims (key/value) and how it's related to policy (permission) was really helpful.

@AssasinsCreeper 3 года назад

I had to watch this video a couple of times and read differets documentatons on this subject. But now, days later, I've finally understood! Many thanks!

@RawCoding 3 года назад

Glad you got it! Nice avatar as well )

@AssasinsCreeper 3 года назад

@@RawCoding I see you are a man of culture

@anikovarkonyi2419 4 года назад

Best video, thanks a lot I could finally understand these 3!

@RawCoding 4 года назад

Thank you!

@shenbrgd 4 года назад

Very informative. Love the intro 😂

@RawCoding 4 года назад

Thank you )

@mieto5545 5 лет назад

Thank u vvvvery much!!!! I am a new programmer but there is few tutorial on this newest version of Asp.net core 2.2 MVC. I have just been confusing for a long time on what you made in this tutorial . It really helps!

@RawCoding 5 лет назад

Glad I could help!

@far-red 3 года назад

At 9:15, i totally got the roles and policy concepts, i immediately git pull the solution, tested and understood, code is nice and clean. i was looking for this, and this really really helped, thanks.

@RawCoding 3 года назад

Awesome!

@josiahtmahachi7291 3 года назад

Awesome tutorial. Really clears up things. Thank you...

@RawCoding 3 года назад

Thank you for watching

@josephcoyle8126 Год назад

I was immediately hooked once I heard that intro track!

@Suncircle2011 4 года назад

Thank you, man! Finally I’ve got it. Msdn documentation doesn’t make it clear, and you do.

@RawCoding 4 года назад

Awesome!

@trash2trash 2 года назад

SuperB! nice abstraction demonstration :)

@RawCoding 2 года назад

Cheers

@aikidoshi007 4 года назад

Brilliant! Well done, thanks!

@RawCoding 4 года назад

Cheers!

@bahmanasheghi Год назад

the grand entry was awesome :)

@sammygimnyigei 4 года назад

Impressive!!!! thanks for the video

@RawCoding 4 года назад

Glad you enjoyed it!

@TheZohan-777 5 лет назад

great tutorial, thank you!

@RawCoding 5 лет назад

Glad you enjoyed it))

@rezameshksar503 3 года назад

I gave my like in the first second of the video. Great intro

@RawCoding 3 года назад

Hehe I tried ;)

@TriPham-id7jo Год назад

Great video!

@taraspelenio8259 4 года назад

Great explanation as well

@RawCoding 4 года назад

Thank you :)

@aj.arunkumar Год назад

very awesome video... thanks man..!!

@priyanshu4016 3 года назад

best start :)

@RawCoding 3 года назад

@lessel7517 4 года назад

Intro sound effects are Hollywood level

@RawCoding 4 года назад

hahaha :D

@edward_t450 4 года назад

Nice vídeo, Nice Channel. Alrewdy subscribed

@RawCoding 4 года назад

Thank you! Don't forget to join the discord server!

@nobudy_left 8 месяцев назад

best intro ever

@albertogalvan3425 3 года назад

awesome!

@RawCoding 3 года назад

cheers

@dmitrypopov501 2 года назад

Thanks very much.

@RawCoding 2 года назад

Thank you for watching

@govindsaini5600 4 года назад

Intro sound great.

@RawCoding 4 года назад

Hahha still cracks me up

@gasletel 4 года назад

Thumbs up for the intro

@RawCoding 4 года назад

Haha :D

@esnatzea 4 года назад

Nice intro bro!

@RawCoding 4 года назад

haha thank you

@codecorn6069 4 года назад

Hi. I have a question about "YearWorkedFilter" class in "YearsWorkedAttribute.cs" file. how Year property get value? in constructor, there is a [ Years = years; ] but how we get years at all?

@RawCoding 4 года назад

at 13:33 you can see we pass the value in the constructor (therse no 'new' keyword), github.com/T0shik/rolesvsclaimsvspolicy/blob/master/Claims/PolicyHandlers/YearsWorkedHandler.cs here's the class you can see we set year to Year.

@ibknl1986 3 года назад

Good video

@RawCoding 3 года назад

Cheers

@martink4975 4 года назад

I know this is an old video, but this one was one of the better once on the subject. Something clicked when you described policies as functions, which made me wonder about a scenario. If you have a Blog site and want to limit the amount of blogs a user can create, would you use a claim with a policy to check if the max limit has been reached on CreateNewBlog action (get/post) ? OR would you do something simpler like checking the DB when the user is inside the CreateNewBlog action ?

@RawCoding 4 года назад

Thank you, and you'd check the db no need to store it as claim. And in my auth series, (episode 3 or 4 I think) I explain how dotnet core provides resource based authorization.

@martink4975 4 года назад

@@RawCoding Amazing! I hope i can repay the time and effort you put into your educational content, just got to get that full stack job. thx again and have a wonderful weekend my man.

@RawCoding 4 года назад

@@martink4975 thank you man, don't forget to wash your hands

@abdelkrimbournane7332 3 года назад

Hello, thanks for the tutorial. I want to ask you : what's the difference between a claim and any other field in the user table (if we extends IdentityUser table) thank you.

@RawCoding 3 года назад

Claim goes in the ClaimsPrincipal object, the others are just properties on the User object

@abdelkrimbournane7332 3 года назад

I got it thanks, I should've finished the video before asking the question. Great content, thank you

@hadibazmi6340 2 года назад

love the them song:D

@RawCoding 2 года назад

Hehe

@khusravkholmatov3667 4 года назад

Thanks

@RawCoding 4 года назад

Thank you for watching

@christianrazvan 2 года назад

Good intro!

@RawCoding 2 года назад

Hehe

@samlama6223 3 года назад

Hello great tutorial, but quick question IAuthorization filter to validate claim for controller, but does it validate TokenValidationParameters?

@RawCoding 3 года назад

Don’t know

@vandeljasonstrypper6734 4 года назад

Hi man, In the new ASP.NET CORE the parameter of the controller can seem to read the Json object from the body of POST REQUEST from postman or nightingale Did you recently encounter this before ?

@RawCoding 4 года назад

If the http method is POST and the body of the request contains text that happens to be json, the dotnet core [FromBody] attribute will try to model bind that json to your model. It doesn't matter where the request is coming from. This has been working since v1 I think.

@vandeljasonstrypper6734 4 года назад

@@RawCoding I fixed it, turn out I remove the object and just throw the attributes to it and it automatically work. I have struggle all day with it

@RawCoding 4 года назад

Good job.

@yogeswarank 3 года назад

Thank you very much. Can you also make a video on how to change the user claim after the user is logged in. Need a flexibility to refresh the claims of the user without asking him to log out and login again.

@RawCoding 3 года назад

Use IClaimsTransformer

@yogeswarank 3 года назад

@@RawCoding Thanks for your suggestion. I tried the IClaimsTransformation earlier. The modified claims under TransformAsync works only for the current controller and doesn't work when redirecting to another controller. I'm using cookie authentication in .Net Core 3.1. Do I need to do anything additionally for IClaimsTransformation to work for subsequent requests to work with new claims.

@RawCoding 3 года назад

Watch episode 3 or 4 of my auth series I explain how to use it there.

@mohammadkheder8994 4 года назад

thank you . if i create new role on runtime , how i can give this new role permission on specefic method at runtime.

@RawCoding 4 года назад

It's a complicated thing to make, I can't explain in a comment.

@mohammadkheder8994 4 года назад

@@RawCoding thank you ,do you know vedio explain this ?

@RawCoding 4 года назад

@@mohammadkheder8994 No, it takes time and skill to properly implement what you are asking for.

@isnakolah 3 года назад

A like for the intro 🤣🤣🤣🤣🤣

@RawCoding 3 года назад

Eyyy

@baoshenyi 5 лет назад

Roles are required: a) admin has access functions b) not admin has no access to functions Claim = Role + other business rules (complicated authorization) a) admin + 5 years employee has access functions Policy : use Claim to apply the authorization, which could make claim easy to be coded

@baoshenyi 5 лет назад

Is this a good way to understand it? If authorization is complicated, role will be chosen and without policy?

@RawCoding 5 лет назад

I think you understand Roles correctly. Claims are not specific to Authorization but rather they define a user, You can then take a step to use the user definition to apply authorization using policies. Hope this helps.

@abhikale3946 Год назад

😘😘 your intro...

@RagdollRocket 4 года назад

intro gave me superpowers. and a slight headache =)

@RawCoding 4 года назад

Hahaha well balanced

@akbare-z815 3 года назад

dope intro

@RawCoding 3 года назад

Haha cheers

@marvincorreia2040 3 года назад

God damn nice intro kkk

@RawCoding 3 года назад

))

@demiryasinoruc 4 года назад

Like for first 10 seconds

@RawCoding 4 года назад

Haha thanks =)

@PerryCodes 2 года назад

IsAdmin claim vs Admin role… I still don’t have a clue what the pros and cons are and what situation each might be best used in…

@RawCoding 2 года назад

Claims describe a user, Roles are just claims with an extra layer. So just use claims really

@realliveone 4 года назад

If you weren't scrolling like a maniac when showing the code, I would know what's in it.

@RawCoding 4 года назад

lol, gotta go fast man! source code is available :)

@sammygimnyigei 4 года назад

i hope ill find a video on third party accounts by you

@RawCoding 4 года назад

Hey what do you mean third party accounts? You mean external authentication?

@sammygimnyigei 4 года назад

@@RawCoding yes OAuth facebook,twitter etc

@RawCoding 4 года назад

@@sammygimnyigei yes I. Will be covering that including identity server.

@sammygimnyigei 4 года назад

@@RawCoding imm looking forward to it

@psalterynbass 5 лет назад

Where is the git repository?

@RawCoding 5 лет назад

Thank you for watching the video, link to the git repo is in the description

@yuhechen7258 3 года назад

Congratulate everyone who come across this video.

@RawCoding 3 года назад

Thank you everyone for watching!

@kinggoncalo1587 3 года назад

Can u tell me whats the password for the admin ?

@RawCoding 3 года назад

Always password

@workcompe-bill4780 Год назад

Please redo this presentation. I've only found your channel a few days ago and I've watched many of your presentations. Wow! You have one of the most well articulated and thought-out set of videos but this one got away from you. You are all over the place. Although I understood the content and it made sense, I personally have struggled with staying focused. It was as if you were uncertain, disconnected, or at best you were forced into doing this video and didn’t want to. It very much seamed like you were an amateur that you are most certainly not! I am a loyal fan now, but not of this particular production.

@RawCoding Год назад

Good shout I’ll remake it, thank you.

@RawCoding Год назад

video will be up next week.

@craige7485 4 года назад

Could you please give me this code. I need it for a school project.

@RawCoding 4 года назад

Did you check the description?

@LienNguyen-vq1qv 2 года назад

the video image is too poor, you need to fix it more

@RawCoding 2 года назад

Fix more

@wisnu7734 3 года назад

Hi...just advice...i'm from asia..my english is not that good..so please talk slowly and using easy vocabulary on the next video...🙏🙏🙏

@RawCoding 3 года назад

Apologies

@hidaya1538 2 года назад

The into hhhhhhhhhhhhhhhhhhh

@nemanjacvetkovic3003 2 года назад

I've learned a lot from you videos. Thanks. But this one is you worst video sorry.

@RawCoding 2 года назад

Oh yea it was made long time agon

@absmand 3 года назад

downvoted due to intro.

@RawCoding 3 года назад

Sad you feel that way

@ahmmedisthebest 3 года назад

Oh man I disliked because of the first seconds You deal with nervous viewers because they have problems to solve. They need something clear, organized, and formal, not this low American behavior.

@RawCoding 3 года назад

Nervous viewers? You come to this video when you have time to study not when it’s crunch time. And low American behaviour? Seriously? Sorry high and mighty Ahmed’s Tutorials.

@ahmmedisthebest 3 года назад

it's not about me and whether i have time or not this is supposed to be technical video and its intro is not this is it

@RawCoding 3 года назад

So this is to uphold the “technical ideology” standards for witch you’ve invented yourself. Not saying this video is done to a high standard but a lot of good educational content is fitted with silly jokes.