❔ where exactly should i put authorization
so i read a few posts on where to put authorization and most of the people agree on putting it in the service rather than in controller. but in asp.net there's this [Authorize] attribute which if you try to put somewhere else rather than in the controller it just won't work - it doesn't block any endpoint and throws no errors (at least with no authentication scheme specified) whereas when i put it in the controller it works as expected - blocks the endpoint and throws expected error - in this case 500 internal server error, no authentication scheme specified. so my question is should i just use authorization in the controller or there's a way of implementing it in the service? and which way is better?
5 Replies
What about implementing the authorization logic in a service and injecting this service into your controller that has the [Authorize] attribute on a function?
so what you mean by that is just putting all the authorization-related code outside the controller and leaving controller functions with just [Authorize] attribute?
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View
this is the super annoying and shitty way to do this
it works dont get me wrong its just annoying
I hate asp authz, how are all the solution so dogshit
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.