发表新帖
发表新帖

Claims authorization for specific resources

后端 未结
关注
2 577
失恋的感觉
失恋的感觉 2021-01-12 09:54

I am writing an example file storage system (example just for stackoverflow).

My current domain models look as such:

public class User
{
    public i
2条回答
  • 灰色年华
    灰色年华 (楼主)
    2021-01-12 10:45

    I am not sure if claims are the right approach for what you are doing. What you really want to represent are permissions. A claim typically represent an identity attribute such as user name, email or roles it belong to, but not permissions. You could represent permissions with claims, but you might need tons of it depending on how big your application is. A typical approach is to map a role to a set of permissions (in your case, add files would be a permission). You can also create a custom Authorization filter deriving from the AuthorizeAttribute to check if the current principal has the right permissions to execute the action. That filter might receive the permissions required to execute the action as arguments.

    0 讨论(0)
 看不清?
提交回复
热议问题