Thoughts about authorization
I was wondering what your thoughts are about different ways of doing authorization?
Custom filter
Custom middleware
.NET auth like policy-based or other…
What are the tradeoffs for simple / complex authorization?
Does it matter where it comes in the order of the request? (Before / after middlewares / model binding)
Thanks
3 Replies
I just use ASP.NET's provider for handling the actual JWT <-> claims logic
Then I have my own authorization service to determine which users can do what
Where do you enforce those Authorization rules in your app?
My service has methods that take a user ID and resource ID and return a list of permissions
Then I check that list in the endpoint handler
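
Added example, not part of the thread and not any poster's code: a minimal ASP.NET Core sketch of the approach described in the replies above, with the framework's JWT bearer handler producing the claims and a separate service mapping a user ID and resource ID to a permission list that the endpoint handler checks. The route, `IPermissionService`, `InMemoryPermissionService`, the `Permission` enum and the sample grants are hypothetical; it assumes the Microsoft.AspNetCore.Authentication.JwtBearer package and JWT validation settings supplied through configuration.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);
// The framework's handler validates the JWT and turns it into claims.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer();
builder.Services.AddAuthorization();
builder.Services.AddSingleton<IPermissionService, InMemoryPermissionService>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization(); // rejects unauthenticated callers before the handler runs

// Hypothetical route. The resource ID only exists after route binding,
// so the per-resource check runs inside the handler.
app.MapGet("/documents/{id}", (string id, ClaimsPrincipal user, IPermissionService permissions) =>
{
    // Assumes the token subject is mapped to NameIdentifier (default inbound claim mapping).
    var userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (userId is null) return Results.Unauthorized();

    var granted = permissions.GetPermissions(userId, id);
    if (!granted.Contains(Permission.Read)) return Results.Forbid(); // deny by default

    return Results.Ok(new { id, permissions = granted.Select(p => p.ToString()) });
}).RequireAuthorization();

app.Run();

public enum Permission { Read, Write, Delete }

public interface IPermissionService
{
    IReadOnlySet<Permission> GetPermissions(string userId, string resourceId);
}

// Constructed sample data standing in for a real permission store.
public sealed class InMemoryPermissionService : IPermissionService
{
    private static readonly IReadOnlySet<Permission> None = new HashSet<Permission>();
    private readonly Dictionary<(string UserId, string ResourceId), HashSet<Permission>> _grants = new()
    {
        [("user-1", "doc-42")] = new() { Permission.Read, Permission.Write },
        [("user-2", "doc-42")] = new() { Permission.Read },
    };

    // An unknown (user, resource) pair yields an empty set, so the caller denies.
    public IReadOnlySet<Permission> GetPermissions(string userId, string resourceId) =>
        _grants.TryGetValue((userId, resourceId), out var set) ? set : None;
}
```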