C#, 2y ago
DeaDo

ASP MinimalAPI Authorization

Hey, I would like to know how to create permissions dynamically. I know how to use things like Roles and the Authorized Keyword so far. But in my case, I want to enable deleting/updating entries only for people who created them or who are related to these entries. For example, I have an m:n relation between users and entityA. Right now I have a prop in the "in-between-table" that defines the relation between those. If somebody wants to change the entity, I take the userId in the endpoint and check in a LINQ query if the relationship allows that. But this approach seems a bit weird since it's in a completely different location than the authorization system of ms-identity and identity-server. Do those have a feature I could use to make authorization in a better way?
8 Replies
Unknown User, 2y ago
Message Not Public
DeaDo, 2y ago
So my approach is not weird, I guess? It's just the only solution I could think of, so I did it this way. Any hints on what I should do differently if I don't want to use extra tech?
Unknown User, 2y ago
Message Not Public
DeaDo, 2y ago
One more question. I have to prevent other users from getting to know the ids of others, right? I don't put it in the URI of the request, but I get it from the Claims Principal in the minimal API. So if somebody knows the id of somebody else, he could still permit himself to do everything the other person could do if he creates the right request with this id. Am I right?
Unknown User, 2y ago
Message Not Public
DeaDo, 2y ago
Ok, thanks 👍 I'll look into this as well
Unknown User, 2y ago
Message Not Public
DeaDo, 2y ago
Thanks 👍