ASP NET Core role based authorization

Video Statistics and Information

Captions
This is part 82 of the ASP.NET Core tutorial. In this video we'll discuss role-based authorization in ASP.NET Core.

Authentication is the process of identifying who the user is. Authorization is the process of identifying what the user can and cannot do. Authorization in ASP.NET Core MVC is controlled through the Authorize attribute. When the Authorize attribute is used in its simplest form, without any parameters, it only checks if the user is authenticated. This is called simple authorization. We discussed simple authorization in detail in part 71 of this ASP.NET Core tutorial. In this video we'll discuss role-based authorization.

Consider this piece of code. In this example we have decorated the Administration controller with the Authorize attribute and have set the Roles parameter to Administrator. So for a logged-in user to be able to reach this controller or the action methods within this controller, he must be a member of the Administrator role. Otherwise they would not have access.

Let's look at this in action. At the moment we are on the List Roles view. Let's edit the Admin role. To this role we want to add a user. Let's make pragim@pragimtech.com a member of the Admin role. Notice this user, pragim@pragimtech.com, is now a member of the Admin role.

At this point let's flip over to Visual Studio and decorate the Administration controller with the Authorize attribute. Bring in the required namespace. If we leave the Authorize attribute like this, without any parameters, then the only thing it checks is if the user that is trying to access this controller is logged in. This is called simple authorization, and we discussed this in detail in part 71. Now our requirement is that the user trying to access this controller or the controller action methods must be a member of the Admin role. For that, let's set this Roles parameter to Admin. Remember, the name of the role is Admin, so it has to match this string exactly. So set Roles to Admin and save our changes.

At the moment we are not logged in. Let's try to navigate to /Administration/ListRoles. Notice we are redirected to the login page. Let's log in using the username pragim@pragimtech.com, provide the password and hit the login button. There we go, we are logged in as pragim@pragimtech.com and we are able to reach the List Roles action within the Administration controller. Remember, for the user to be able to access the Administration controller or its action methods, he has to be a member of the Admin role. Our user pragim@pragimtech.com is a member of the Admin role, so we are able to access the List Roles action.

Now let's log out and log in as a different user. Click on the login link and let's log in using the username abc@gmail.com. We are logged in. Now let's try to navigate to /Administration/ListRoles. Notice we are automatically redirected to /Account/AccessDenied. For this user to be able to access the Administration controller or its action methods, he must be a member of the Admin role.

Now let's look at another variation of using the Roles parameter. Consider this piece of code. In this example we have specified multiple roles by separating them with a comma. So to access this Administration controller or its actions, the logged-in user must be a member of either the Administrator role or the User role.

Let's do the same for our project. Let's separate the roles with a comma and save our changes. And remember, for these changes to take effect we must log out and log back in. At the moment we are logged in using the username abc@gmail.com. Let's log out and log back in. Keep in mind this user abc@gmail.com is not a member of either the Admin role or the User role, so if we try to navigate to /Administration/ListRoles we should be redirected to the Access Denied action. Now let's log out and log back in using the username pragim@pragimtech.com. This user is a member of the Admin role, so we should be able to reach /Administration/ListRoles.

Now let's edit the User role and make abc@gmail.com a member of the User role. There we go, abc@gmail.com is now a member of the User role. Let's log out and log back in using the username abc@gmail.com. Because this user is now a member of the User role, we should be able to reach /Administration/ListRoles. There we go.

Now let's look at another variation of using the Authorize attribute. We can include multiple instances of the Authorize attribute. Consider this piece of code. In this example we have included two instances of the Authorize attribute. So to reach this version of the Administration controller, the logged-in user must be a member of both these roles, that is, the Administrator role and the User role.

Let's include another instance of the Authorize attribute, and here let's specify the role as User, and on this instance let's specify the Admin role. Save our changes and take a look at the browser. At the moment I'm logged in using the username test@pragimtech.com. Behind the scenes I made this user a member of both these roles, Admin and User. And remember, to be able to reach the Administration controller the logged-in user must be a member of both these roles, and because this user is a member of both the roles we should be allowed access to /Administration/ListRoles. Now if I try to log in using the username pragim@pragimtech.com or abc@gmail.com, we will not be allowed access, because they are either a member of the Admin role or the User role, but not both the roles. So let's log out and log back in using the username pragim@pragimtech.com. We are logged in. Let's navigate to /Administration/ListRoles. There we go, we are not allowed access.

The Authorize attribute can be specified either at the controller level or individual action level, or both. Consider this example. Notice at the controller level we have included one instance of the Authorize attribute and specified multiple roles by separating them with a comma. So this authorization setting is applicable for the entire controller, that is, for all the actions within this controller, unless we have overridden the settings by including another instance of the Authorize attribute or the AllowAnonymous attribute. So with these authorization checks in place, members of either the Administrator role or User role will have access to the ABC action. On the other hand, only members of the Administrator role will have access to the XYZ action. Finally, since we have decorated the action method Anyone with the AllowAnonymous attribute, anyone can reach this action method, including anonymous users.

That's it in this video. Thanks for listening.
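
The captions refer to code shown on screen that did not survive in the text. As an added example (not taken from the video), the four variations described can be written as follows; the controller names other than AdministrationController and the `Ok()` action bodies are assumptions.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Added illustration. SingleRole/EitherRole/BothRoles controllers are
// hypothetical names; role names are the ones used in the captions.

// Single role: caller must be authenticated AND in the Admin role.
// The string has to match the stored role name exactly.
[Authorize(Roles = "Admin")]
public class SingleRoleController : Controller
{
    public IActionResult ListRoles() => Ok();
}

// Comma-separated list in one attribute: Admin OR User is enough.
[Authorize(Roles = "Admin,User")]
public class EitherRoleController : Controller
{
    public IActionResult ListRoles() => Ok();
}

// Two attribute instances: every instance must pass,
// so the caller must be in Admin AND User.
[Authorize(Roles = "Admin")]
[Authorize(Roles = "User")]
public class BothRolesController : Controller
{
    public IActionResult ListRoles() => Ok();
}

// Controller-level and action-level attributes together.
[Authorize(Roles = "Administrator,User")]
public class AdministrationController : Controller
{
    // Only the controller-level check applies: Administrator OR User.
    public IActionResult ABC() => Ok();

    // The action-level attribute is evaluated in addition to the
    // controller-level one, so the effective rule is Administrator only.
    [Authorize(Roles = "Administrator")]
    public IActionResult XYZ() => Ok();

    // AllowAnonymous bypasses the authorization checks for this action,
    // including for users who are not logged in.
    [AllowAnonymous]
    public IActionResult Anyone() => Ok();
}
```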
Info
Channel: kudvenkat
Views: 103,199
Keywords: asp.net core role authorization, asp net core authorize roles not working, asp net core role based authorization example, asp.net core authorization roles, asp.net core authorize multiple roles, asp.net core custom role authorization, asp.net core identity role permission, asp.net core mvc role based authorization, using role to authorize user in asp.net core, asp.net core authorize user using role
Id: DXVe6skc42k
Length: 8min 25sec (505 seconds)
Published: Tue Jul 23 2019