C
C#3y ago
DeaDo

ASP MinimalAPI Autzhorization

Hey, I would like to know how to create permissions dynamically. I know how to use things like Roles and the Authorized Keyword so far. But in my case, i want to enable deleting/updating entries only to people who created those / or which are related to these entries. For example i have a m:n relation between users and entityA. Right now i have a prop in the "in-between-table" that defines the relation between those. If somebody wants to change the entity, i take the userId in the endpoint and check in a linq querry if the relationship allows that. But this approach seems a bit weird since its in a completely different location than the authorization system of ms-identity and identity-server do those have a feature i could use to make authorization in a better way?
8 Replies
Unknown User
Unknown User3y ago
Message Not Public
Sign In & Join Server To View
DeaDo
DeaDoOP3y ago
So my approach is not weird i guess? Its just the only solution i could of so i did it this way. Any hints what i should make different if i don't want to use extra tech?
Unknown User
Unknown User3y ago
Message Not Public
Sign In & Join Server To View
DeaDo
DeaDoOP3y ago
1 more question. I have to prevent, that other users get to know the id of others right? I don't put it in the uri of the request, but i get it from the Claims Principal in the minimal api. So if somebody knows the id of sb else he could still permit himself to do everything the other person could do if he creates the right request with this id. Am i right?
Unknown User
Unknown User3y ago
Message Not Public
Sign In & Join Server To View
DeaDo
DeaDoOP3y ago
Ok, thanks 👍 Ill look into this as well
Unknown User
Unknown User3y ago
Message Not Public
Sign In & Join Server To View
DeaDo
DeaDoOP3y ago
Thanks 👍
Want results from more Discord servers?
Add your server