How to implement Permission Based Access Control with Asp.Net Core

Question

I am trying to implement permission based access control with aspnet core. For dynamically managing user roles and permissions(create_product, delete_product etc.), they are

Answer 1

I had same requirement and i have done it as below and it works fine for me. I am using .Net Core 2.0 Webapi

[AttributeUsage(AttributeTargets.Class | 
                         AttributeTargets.Method
                       , AllowMultiple = true
                       , Inherited = true)]
public class CheckAccessAttribute : AuthorizeAttribute, IAuthorizationFilter
{
  private string[] _permission;
  public CheckAccessAttribute(params string[] permission)
  {
      _permission = permission;
  }

  public void OnAuthorization(AuthorizationFilterContext context)
  {
     var user = context.HttpContext.User;

     if (!user.Identity.IsAuthenticated)
     {
        return;
     }

     IRepository service = 
     (IRepositoryWrapper)context.HttpContext.RequestServices.GetService(typeof(IRepository));
     var success = service.CheckAccess(userName, _permission.ToList());
     if (!success)
     {
        context.Result = JsonFormatter.GetErrorJsonObject(
                               CommonResource.error_unauthorized,
                               StatusCodeEnum.Forbidden);
        return;
     }
     return;
   }
}

In Controller use it like below

[HttpPost]
[CheckAccess(Permission.CreateGroup)]
public JsonResult POST([FromBody]Group group)
{
   // your code api code here.
}