Blazor Admin Page Tutorial (Roles, Policy, Claims)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

here is an example we're going to be making we're going to be making an admin page that allows us to add a user into the database give them a role and give them a claim and allow us to authorize that user according to the roller claim to you know whatever it is in our pages this information will help you with further projects because you'll understand the process and how to implement them in blazer welcome back lady and gentlemen today we're going to be going over roles policies and claims in a blazer server project now in my last video about authentication and authorization in there we went through how to just make the most very basic uh project we can with those things but in this case we go one step further and apply these policies claims and roles in our project once you know how to do it here you can do it anywhere basically and the concepts don't really change between blazer server projects when it comes to laser web assembly it might be a little different but in this case once you have this figured out you you really know how to do it for any laser project you might want so let's get started as promised we're gonna be starting from scratch but i will be skipping the first portions of it basically i'm gonna go through all the way to the migration step we're gonna do the migration real quick and then we'll start digging into all the roles policies and claims you don't know what i'm talking about that's fine i went over this in my other video uh i think i had some time stamps somewhere so laser uh you know claim rule rules policy video go plays claims rules pause perfect and yes here we're going to be using indian individual accounts as our authentication type starting off real simple and create that i've been guys anything new any new in the world interests you i'll be here all right perfect so first things first we are needing to go to the app settings json we're going to need to change this to match our database so yeah it gives us like a like a pre-generated thing here we don't need this we need an actual database so if i didn't mention before you're gonna need sql this is just my old project but we're just gonna be creating a new database from here so oops new database role policy and uh client there you go laser off our pc fine so in case you don't know what to do at this step you're going to need to fill in two pieces of information specifically the server that you're going to use and the database name you're going to use so i don't need this name here i want to give the name that i just wrote here is this one is it off our pc and then we're going to need to put in that server name here here connect object explorer get the server name from there and you move this so now yeah that's fine all right so we have our app settings.json already connected you need this uh first and foremost we're going to be running this in order for it to show up here we finally do the migration pieces and you'll see what i'm talking about if you do not know but before even doing that i want to do something real quick before i forget to do this step we're going to go over the program.cs file we're going to need to do some changes here so in this case i want you to i would like you to give me a second okay what i would like you to do is add this line to the add default identity so this was created for you and just above this at this line here identity rules we'll also use roles um within our project if you didn't add that it's gonna when we start using rules it's gonna give you an error and there's gonna be more stuff coming in as well but we'll get to it once we get to it i just want to add that little piece because that's really easy to forget so yeah next string is fine i think everything else here is okay yeah something really here that i need to change right now so we'll just say what i'm talking about for later don't worry don't worry about it the next step that we need to do is actually run the project and the reason why we're going to run is because i would like to very quickly have a user already inside the project and make sure that um we do the whole migration step that all the models that we need to create are created within the database so you don't know what i'm talking about talking about implementing all of these tables into our database so we just so the easiest way to do that to just uh register or login or whatever login might be easier and you're right your password here login actually give you an error and then within the error is going to ask you to do something called apply migrations you want to do this what's going to happen is it's going to apply the models that were in here into our table into our database my bed that's what you want to do and if you want to check to make sure that those were added go here go to tables and now we have new tables that we didn't add before i didn't add these beforehand you saw me make the database here so these are new tables and that's exactly what we want so in this case i think we're good to go we don't really need to do anything right now when it comes to this and if you want more information on what exactly is happening here i made two videos going over uh the ef stuff the anime framework stuff and i made another video going over the actual authorization authentication the simplest thing so we're just gonna be moving forward trying to implement the roles here in order to do that i thought that the best way is to give you a practical example how to use them which is let's say creating an admin page that's exactly what i'm planning on doing uh we're going to add a new um razer component here and we're going to call this razer component admin page and up here you're gonna be able to navigate to it oops sorry ladies gentlemen new keyboard still getting used to it just have that in there for now we're gonna go to the nav menu here we're gonna add that here so we are just adding a new page to the admin a new link to the nav menu as there's no authorization authentication pieces just yet we're just setting up everything that uh that i want in order to show you how things work easily are at least easy enough so in this case the idea is that we're going to be creating a new uh way of adding users to databases here so right now this is what a user is and this is where the user table goes uh these are table period so whenever you add a user they get added here and whenever we have a role they get added here now when it comes to roles we actually have to add these roles uh separately but we need to have the roles already set up beforehand however i'm not gonna get ahead of myself we're just gonna work on the page i'm just letting you know that there's gonna be some steps in the database you're gonna need to do um before this whole thing completes but for the mean time we're just going to work on creating our little uh menu here so in order to do that i want to create two objects or at least to um to classes to represent our users and our role it's because uh we're gonna be we're gonna be using the database but only need to put in information we're not gonna be extracting information i think it's much easier this way so in order to do that i am going to need to do create two classes one class is going to be for the user one class can be for the role in order for us to add them into those database tables that you saw there so let's do that just adding a new class in there just a normal class within the data folder in case you don't see it i'm not blocking all right so this is going to be the user class and then we're going to add just another one in there and call this the role class yeah just roll all right perfect so what does our user need a user requires a a login name or username basically so in my case i just want to make everything very very simple so i only really care about two things with the user that is the user's login name or their email it's gonna be an email it has to be an email and um their role so i'm gonna add that those pieces here and the reason why i keep staring away is because i have this project area created i'm just gonna copy paste these pieces here don't worry we'll fix that now so i have an email annotate uh emo data annotation there and it's required because we're going to be creating a form yes we're going to be creating a little form that's uh going to act as our our manager how we're going to interact with our database and how we're going to put users in there sure you could register your user using the register that it gives you but we could do it here as well and this will also teach you how to do it yourself in case you want to go outside of using the uh tools that are provided for you this is still using um the identity frameworks to using any framework so you're not going to get away from that but you will at least maybe get away from uh the the default things that the project brings you sometimes they're useful sometimes they're not depending on you so now that we have those this one set up we need the role set up as well the role is also just as simple role name and id all right i should do that so here is where we're gonna have some fun i'm gonna give you a giant thing that you need to look at before i start writing all the uh my html stuff and all the blazer components there are things that we need to bring into this we have a lot of libraries coming in here on this is actually not called that is called names rules policy whatever so here we're bringing you know the identity stuff some logging stuff i don't think we need this but i'll see get rid of we have some claim stuff he's going to be working with claims later on we need a user manager and science manager so the way that the identity framework works if we go here i go here there we go is that it brings you already some um some classes already prepared for you that has a lot of functions in there services oh either way you have some managers that's what they call them they call them managers that are prepared for you in order for you to um interact with the database or interact with the database that is prepared for you so you have some common things already good to go and we're going to be using some of them in order to apply our roles and claims and stuff specifically in this user manager we're going to apply the add to row and add claim stuff to our users and i'll be talking more about roles and claims probably a little later however just know that these managers contain the actual functions that we need so in case you have a mystery as to how we're exactly creating all these things because it's already been brought in for us through the identity of the identity framework also i need this as well the js runtime in order for me to get the alerts out because i want alerts in order to know whether something has been uh successful or not because we're not gonna be able to see it as the page will not refresh when you do these things that's blazer free so what do we need now now let us work on the actual uh edit form and the sign-in manager is used to create the user by the way it has it has other functions and stuff but uh we're probably not going to be using it yeah i'm just copying this from my other window here but yeah you're going to need a form we're going to have a model we're gonna call a new user and we're gonna have a function that we're gonna create within this code right here i'm gonna put it all here in order for it to be easier to see uh as we go along so i'm not gonna do the whole code behind thing some of these in there ready to go so now we need our model and we need our we need this function this also be a new user model to prefer the old way of doing this just a force a habit after doing for so many years okay also turn around because uh i know that my picture down here is pretty big but i don't want to just block the code like i realized some of the videos that do that i'm sorry about it but yeah also we don't really need to do anything here just yet so we're just going to stick around for a little bit we have our new user uh we have a new user for the model of the edit forms is a new user object we need a role list because we're going to be creating a list normally what happens whenever you want to do like an admin page you want to grab the roles from the database we're not going to be doing that here we're just going to be creating like a list of of role types is why i created the that role class in there we're making a list of these i'm going to be bringing that into this in order to choose the role we want and then apply that to that user and create them and then add them to the database that's basically all you're doing you're adding a role you're adding a claim to that one user and it goes through edit the database and you're good to go but in order to do that you have to do it all in the uninitialized async even though we're not using um an asynchronous like we we don't need to use the uninitialized async in this component because it's not going to be an asynchronous call but when you do do this by grabbing it from the database it you will have to use the initial unitalize async and i didn't see any issues with it working with my uh synchronous uh working with just the list i'm about to create so within this uh lifecycle method we're gonna add a rules list within the roles list we're going to add the rules obviously admin hr manager and user and then we're going to have an id for each one one two three four the reason why i chose this is because it kind of sort of matches what the rules look like uh here it's just a name and an id if it went here it's just uh it's two n-bar charts which is they're basically strings all right so that's just not over complicated in order for us to add the roles uh we could add them manually but i'm not gonna do that we're gonna do the programmatic way the way that you'll probably add them if you had to dig them up from a database and ensure that you have all the roles you need not worrying about whether or not they were changed so in order for that to work i have a for each loop it goes to that list and then it gets added uh in the list as a select list so what's happening here is that i created uh two steps the first step is i created a rule object itself but what's actually going to be added to the drop down list that i'm planning on creating is called a select list item that's how typically whenever you see a drop down list you want to kind of convert it into a select list item this isn't jake this isn't javascript a select list item is a microsoft class that allows you to essentially work with the drop down component a little bit better um because it only reduces the values to text value and selected there's other stuff in here i believe as well but these are the ones i only care about and yeah so i'm just doing the first one is selected true and if it's any other one then it's going to be false and that should make sure that the selected list item appears in the uh the drop down box but i've had issues with in the past with blazer specifically so we'll see but that's really all we need to do this is all the uh the for the first step of actually adding the roles should be perfect all right let us add these this function for now add user function to avoid and within there actually it's gonna be a public async void because we are gonna pass in data from here into the database so it has to be an asynchronous call and we're going to be using the edit context in order to grab the data that's in there so right now i don't think i need anything else for the moment i think that yep there you go so that should take care of all the errors and we have our roles list already good to go here our user model is instantiated here now we get to work on the edit form so on the edit form i want to just have uh two three things there actually we're gonna have a drop down we're gonna have two drop downs no no we're gonna have one drop down that's gonna be for the roles we're gonna have one input select input text so you could write the email and then we're going to have a button to submit it all in order to do that i'm going to have uh two form groups for the the two major components and then the one button is gonna be on on its own so you could make you could be all fancy just copy me what i'm doing here but you don't really have to do any of this i just have it so that you know this looks a little nicer i have a label for it called add user and then i have an input text here which gets the login name from this uh value here if you don't know how edit forms work i think i made a video about it uh just go check it out you know what i mean after this so this is an input text i got the id to match the label we have the name so this is good to go next thing i want is the input select so this input select is going to have our roles so again copy don't copy don't matter you want to be fancy with it if not just gonna look ugly it doesn't look that pretty either but who cares i certainly though input select i have an id here to match the id that should go here or do i i don't think i do i don't think i really need it but anyways we have bind value new user user role of course i have to have ids and in there you do a for each through your your list basically and the value of the list is going to be whatever the value is so our value is our id and we have a text that's going to be what you see so that's why i paired up each and every one of these roles with an id you have to kind of do that here as well you need a name for the role and then the id for it in order for you to do the relationship uh that you need to do in the database for it to match in the right places to match your user specifically and then finally we're gonna add our button so here we go we have a button here so what this does is once uh you know you click save you activate that and you submit whatever the information is in here so what we're going to do with this information is we're going to convert it into the user model because that's what it is we're making we're passing in this edit form as a user model and i believe we're only taking the value from it but it's going to be some more stuff we're going to have to do here in a second but for now i just want to make sure that the form works so oh yeah so in case you don't know how to uh convert something um as basically a generic into an actual vowel into an actual um object that has the parameters is how you do it there's one way of doing it and all i want to do is run this and check the progress so far so i should have a page that says admin page that allows me to add users but obviously we don't have any functionalities in there so i just want to make sure that it at least runs and that when i click submit with information it passes information up to this point so i'm just gonna put a breakpoint there right here there you go oh there's no need for us to login i don't have anything there oh that's right i didn't put this song and i didn't put the label either the things you miss when you copy paste yeah i missed that form group div thing and i missed the label for this but don't worry i'm just gonna hot reload and there you go tada power reloading is really great i like it so what happens if i were to do this oh it needs to be a valid email address the reason why i have that is because i have the validation summary in there so that i make sure i don't write you know bad stuff and make sure that it's an email format as you can see we have access to the admin hr manager so unfortunately this the selected thing doesn't work very well here i have to dig into that more but we have our roles here what happens if i save you're going to have your contacts here and your user model this is you're gonna see that i have my login name and the user roles value so the value got passed in here was not the name was the id which is fine that means that our our form is working we have created the correct form it is going through is passing data that i expect to be passing it so it's all gravy right now the next thing that we have to do in order to uh continue um making sure this is correct is actually going to add those roles into our role database so real quickly i'm just taking out the the stuff i did before so just have it here but in order for you to have your rules working you have to have in the asp.net role table rules for it to uh actually consider because if you don't have it then the user manager add to roles thing is not going to work so you're going to need to add those roles that i have here which are the same value it's gonna be one two three four like i had over there into this so one two three four id going to do that and do it through this insert into this table we're going to have some values in there you need to fulfill these values so you want your id to be one it's an n bar chart so these have to be a string admin and then when it says normalized name i just put capitalized versions of the name that all it is that each name is the same capital case basically or it's capital lowercase whatever it is that there are so you could just make the any conversions you need to do later easier for you or any comparisons actually for these and then we just do this three four and then i had hr's number two keep them the same don't make sure that whatever you have in this is what you have here and finally they use now we have that in there we have our rules ready to go so for the next step that's going to come after that is the actual implementation of this add user with role which means that here we're going to add we're going to be doing a lot of things simultaneously normally you would do this in different um in different steps so i'm just gonna be combining a bunch of steps here which is we're gonna be creating a user so any user that we add into it through our form is gonna be added um i don't think it matters if they exist or not in the database i have not actually tried that i think there is some sort of identity thing that tells you that you can add the same email or something but i don't really care about any of that right now so what we want is to submit a user give them a role and give them a claim as well so we're just gonna do all those steps in this one little function and it's gonna be real messy but you're gonna get you're gonna understand how to do all this in identity framework our user is equal to new identity user and then for this step i'll actually go through it uh typing then we're going to have the username so the username is of the user table right here so we want this username to be obviously what the user model is okay we're gonna haven't we need to give him an email it's actually going to be the same thing because our username and log name are going to be the same for this application and then uh what else do we need here oh yeah in order to avoid issues with the email confirmed stuff because if it's not confirmed then it's just gonna lock you out you could do it this way or you could change the program.cs stuff here that says sign in required confirm the account or something you just set that to false i believe that i'll do the same thing but i like having that on i'm just i'm used to just having that on to be honest it's more out of sense of nostalgia than anything else i'd rather just do this so now we're just going to fill in those that should be enough for the user i think everything else is a nullable thing so you don't have to worry about that and in the meantime i would also like to make sure that we have a message that pops up that says whether or not we were successful in our you know and submitting this user so we're just gonna have a message prompt ready to go when that happens we're gonna do all that in here and now to actually create your user this is what you want to use the user manager that's up here up here user manager object is gonna we're using one of the uh the functions that it has create async so we're gonna pass in a user and this allows to create a user and a user with a password now because of the default pages that are set up there you need a password to log in it's best to just give it a password so i'm just gonna use this the same password i've been using in every single one password one two three with the expansion point just to avoid any problems and you know obviously you would have you know like a password thing here that tells you user and then the password in the role or something but in this case we're just going to be as simple as possible all we really care about is the actual um assigning of the roles the claims and stuff and how to actually like generate them and stuff you know it's how to use it you want to get fancy with it you can in more complicated projects but this is just to assign the policies and stuff so if the result has succeeded that means that we've added the user successfully to our database and also this is a async by the way and when that happens i would like my message to change to message user was added now we haven't actually gone to the message portion yet i'm gonna get to it now this will be the next thing i know there's a lot happening here but i'll go over don't worry and also this is not correct so let's go over what's happening here see if you can see that just barely but yeah so here we're actually going to add the roles uh we're going to get a role instead from this list we want the role that we assigned to it so we don't know exactly what role was given to was given to this person at at this time unless we go through you know uh matching the value of the id that went through the user model and then matching it with whatever is in this list but you do something similar either here or if you're in a web assembly you do it in the server somewhere like this kind of um relationship essentially you'll be checking for the roles and make sure that that role that was added is in the list and then whatever is in the list that's gonna be the role that you take from it and then that information is going to be what you pass into the database and that's this piece here but what's happening here is now we're going to add the role to the user that the identity framework knows to do the or yet any framework knows to do the um the relationship to the user so here we have our user and we have the role that we just got from here so we get the role we match to the id that we sent back up here and then from there we pass in the role name because we have both the role id and the role name but we want to add the role name here in this case uh and if there's no role name is you add as a user just for safety so you have your user object and you have the role name here so now it knows to add the uh the right role to it so yeah you see here we have to use the name in this case went to here this is the the one i made before but there's not don't worry there's nothing here for you guys this is my old one actually i'm gonna get rid of that so you don't get confused we have both an id and a role id um for the asp.net user roles and i believe it's going to be adding that into there because it's not going to add it to the roles table because your role table is separate you're going to add it to the table that is connecting both to users and the role so it's going to be adding there you'll see when this happens so all we're doing is connecting both the role in the user and that's succeeded i want to add this to the message oh yeah we're gonna have a message prompt that's gonna be basically adding so if a user was added role was added then we're gonna add a claims after that but i think for now we're good with with me showing off what the roles are and i'm just going to add this you can do it yourself if you want this just tells you um this gives you the alert that you have available to you that uses the uh js interops maybe about that too but this is how you activate an alert with uh something that's in java in a javascript library so all we're going to do is add a user it's going to add a role we haven't added a claim yet but this user definitely has a role in here so let's just try this out and see that works remember this is the password all right so test two at test.com and make him an admin sure user was added role was added so we were successful in adding our user to the table you see something here yeah we have our user id these are these are good and the role id is one admin was was one in this case and we go to our users table here we see that our guy is existing here and uh and the rules claims that's not gonna change anything here oh okay perfect but now that is complete so let's let's actually go into the authorization of how to implement our roles and policies and stuff like that so in this case i haven't implemented a policy yet i'm just going to go over how to do the rules real fast the rule is probably the easiest one of them all so in order for me to do this let's create a page and call the admin other just call the roll page i'm going to be changing this a little later and in this page we're just going to use it so that whatever role i decide to authorize against it is going to be the rule that um like in this case going to be added this is how you uh secure a page so that you only allow a certain role to get in so in this case i only want and the admin role or admin roles to get in here so you have multiple roles in this place but we're just going to use one and then we're going to do the same to the nav menu so if you want to do something on the actual page itself that you want to lock them out you have to go through something called the authorize the authorized view so that's just a component so within this component we could actually assign either rules or policies so in this case i'm going to give it a role as a parameter and this role is going to be added role admin only page that's fine and i didn't give this a then give it a page route so let me add that in uh rotate not very creative but it will do wrong with you also my batteries ran out so i'm gonna switch out real quick sorry about that guys the camera died but where were we we're here at the roll page we're just adding the uh the raw page uri that i could add here in our nav menu i'm gonna get rid of this perfect all right now we're just checking to make sure that uh that one had the rule so we have everything set up the rule page should be connected to that other page and we should not be able to see it unless we are not we're not we're not authenticated yet so we don't have that page available to us the page was called uh something long uh role admin only page we don't see it here so let's as log in as this user so our password is the same for all users so what this tells us is that both the login process that we created and the um and the role that we have are being accepted by the identity framework now i'm not sure why it's doing that maybe i did something here let's just copy paste he might have did something i don't know maybe because this way is very very long anyways you can see the we are a role of admin right now according to the database and we can see this which is authorized to only admin roles and we could get to the role page so i'm just going to copy this real quick i'm going to log out i try to go to roll page logged out see i'm not authorized that means that our roles are are working as they should be and that is how you implement roles as an authorization and how you give someone a role through uh like something like this through these methods here so everything else was just to give context what we're doing so that we could just keep doing this over and over again all we want and keep testing them out so the next thing i would like to do is do the policy thing so a policy is basically a much stronger version of a role it does the same thing except that you could have roles as part of your policy and also have logic in them so you don't have to um go crazy because you know i think i explained that only having roles is kind of a limiter how we separate our code so if you want to have like you know only people are over 18 or whatever go to a site based off some information from your claims or if you are or you know what have you then you're gonna have a problem so in this case i'm gonna add an authorization uh this is this um a policy that has two policies admin policy for the admin and hr policy for hr so i know this is very simple it looks like it's really redundant but what this is now looking for are claims of both admin and hr for these policies to uh if we decide to use these policies in our code it's going to look for our person to have a claim of admin so right now i don't think yeah we don't have a claim available to us no we are we do have a role that's connected to us but we do not have any claims whatsoever so that's gonna be our next step so i'm gonna test out the policy stuff when we make the claims but trust me when i say this that like if i wanted to do something like this and uh you know add more stuff to this i can so i'm not limited to just doing this i'm just doing this here because it's much easier but we can have as many claims as we want and if uh we ever want to change our authorization piece works by changing the policy itself we have only one place to change it here where if you want to change the role you have all the roles to go through to change it on your program so that makes it also a lot more easier to manage as well just doing something like this in order to take care of like the roll stuff is probably best and i think it's good practice but before we could do that we need to give our our users a claim which i will do now but don't worry you'll see the policy in action once we put the claim in and to do the claim stuff we're going to do it down here so whenever a person gets a role or whatever also to give them a claim match that as well or to do the claim you just add claim get the user but now you have to create an actual claim object so claim objects are about our two values you can set you can give your claims as many values as you want but the default values that our claim gets are going to be these two so yeah you could these are all the um all the functions for the claims so we're just going to be using the first one to type in the value and you do a lot more with this or you can give people multiple claims if you want as well but i'm just going to stick with the role name as the as the type and then the id is going to be the value itself yeah so our roles are connected to id that these are the actual value of those roles and the names are just a way that we keep track of everything for our own selves our own sanity so what this is going to do just add the same uh the role is going to be whatever the role is going to be named and that will be the claim itself as well because right now my guy doesn't have any of these claims running so actually i will test that out let's make another authorize you but this time we're not going to be using the rule we're going to be using the policy instead and it's going to be the admin and if we go to the actually we're just going to make a new page you just change the page but i already called it roll page i'm just going to call this the policy page and we do the exact same thing we did here in order to lock out uh the policy page give it the attribute and we named our policy admin policy i believe right here yeah this is the one you want to use i'm in policy i'll keep that here what's gonna happen oh yeah honestly it's easy to do policy uh i'll run we're gonna log in as that same person again as test2 at test.com whatever i haven't done anything to him yet he's still the same guy he has the same role he shouldn't have any claims so it looks like i cannot access the i cannot see this claim stuff here let's try accessing it uh directly by adding this there instead policy page yep so even though i have an admin role my policy is just called admin policy it doesn't care so i'm not authorized to go in there just to show you that there is a difference between the two speaking of this stage oh yes i want it that's called the policy oh no that was the wrong one you know it's late there you go i'm going to change that to the policy page so even if i did the uh so even if i had the policy i still would be able to reach it because of the rule still i messed up here well that's okay we have the claim now and we're just gonna make a new guy that will have both the role and claim of whatever oh yes i want to do that s3 asks.com you will also be an admin but we have a role of admin and a claim called admin as well that we added to this guy let's log in same password so yeah we see this because he has the role of admin as well but we're going to do the policy of admin and we could actually reach the policy page because now he has a claim of of policy so i went to the claims table here we see we have one guy with a policy of admin right so here so yeah sorry about that um so yeah now we have test three this guy has both a role on a policy and he can reach both places because of that both admin places however let's just say i wanted to be sneaky i'm going to stop that it's more for my curiosity just want to see if doing that does anything it should oh it didn't interesting so our user claim did not affect that i changed the claim value to two always the claim type okay so there you go now we learned something watch this that's right i'll log out because i haven't done any of the uh the timeout stuff there we go ah yeah okay now that makes sense so when using the claims actually reading off the name using the role is reading off the id or something so there you go so what i was doing there just testing to see what i'm exactly reading off so now you know as well that what it cares about is just the claim type not really the uh the claim value but okay that makes sense to me because our policies only look for our is only look freeing for the uh link for is looking for this the required claim of that of the claim type yeah right there string claim type oh i should have read that before but save this a few minutes but yeah that's how you implement policies this is how you implement policies here and how you actually add them into the pages is through the authorized view policy or authorized view a component and there you can add roles and policies and on the page itself um let's see where's that page you have to add an attribute with authorize and either policy or roles with the name of it whatever the name is and then that is what it's actually going to get read and that's how it's actually going to be implemented and now you understand how to add claims to a user you can understand how to add a user yourself add a claim to the user or and add a role associated with that user as well and that's how roles and policies work i decided to just make this as an as an admin page because i believe that is the the best way to contextualize all this make sure i could have done this abstractly but i think that wouldn't have been as good and this reflects something a little bit closer to something that's real world there's not a lot of bells and whistles here and i didn't even grab the roles out of the database i just created them from scratch here but ideally what you would do is grab them from the database put them in that list that we have up here we're gonna make an admin page add a login name or username possibly a login name so you can separate the two and the password and once they are created you will probably have another process that will give them the roles and the claims that you need because what you usually want to do is separate the two you don't want you don't really want to add the user and then give them a role at the same time sometimes what you want to do is add the user first in some other process and then once you're in your admin page you could find the user exists and then give them a roll or whatever normally the reason you do that is because there's more steps involved in creating a user like you have other things you want to give them like a profile and stuff and then you know to authenticate them through uh make sure they do whatever process that your company might have like emails uh confirm their emails and all that good stuff but in this case we just stream the whole process into one uh one submit that just takes in whatever the login name is you add that person to the database with a role already assigned and give them a claims as well that's associated with that rule but this is basically what you need to understand and know in order to use the identity uh asp.net identity api in your projects add that claim add that role create a user you need to use the identity user object here um and the rest of it is just blazer stuff at this point there's something else that's special to it except that you had to inject your managers here the assignment manager was used for our creation of the user and the user manager was uh meant to add the roles and the claims to it these are stuff you could do with it but obviously is what we want all these other things are just stuff that you need in order to make all of it work um and this is just for me to have that alert pop out to make sure that i know that when something was submitted or not here's how you add a policy you have to make sure you add a services for the ad authorization and you can add your policies there and you can make it work with a claim and you can um also add more logic and stuff here but i'm not going to get too into that here just make sure that if you do want to work with roles you add this piece to the default identity before the entity framework stores make sure you add this or else your rules are not going to work it's kind of easy to look over and then obviously make sure you have the use authentication you've got the realization pieces right there also please have all your services above the builder you don't want to have it below or break the the program and that's about it now you understand how policies roles and claims work and your claim is just in case you don't know your all your claim is is just two things just two a pair of values the claim type and the claim value and yeah you could add more stuff to it later on or you could add more claims associated to a user as you see in this table i could actually give them another claim on top of it that we could read his claims as we go through the policy so i can make a minute admin and an hr so i go into both places blah blah all that good stuff if that's how you want to do it this is how your users are looking like and the default way of doing the ids here is through a good and then for the asp.net roles there's like a table here that's in between the role table that gets all the roles and your users that it associates both the user to the role according to the id but at the end they both read off the name so in this case the after you saw my little test of when i tried to manually change the claim what mattered was the name and i assume it's the same for the role the id only matters within the relationship of the table and i think that is it if i am incorrect about something here or misunderstand please let me know in the comments i love seeing that more engagement and i like being corrected to make sure that i'm a better programmer as well and i give good information but in this little admin page i believe we've gone through everything that we should be able to go through in order to get the point across and you know pretty much to it if you have anything else to add let me know please like subscribe let me know how you like it and say whatever you got to say to me in the comments or my discord which i will be adding a another link to so please join we'd love to have you that's it again for the fifth time that i've said it in this video bye [Music] you

Info

Channel: Just Blazor Programming

Views: 13,702

Rating: undefined out of 5

Keywords: blazor, C#, blazor C#, blazor 2022, blazor tutorial, .net blazor, C# blazor, what is blazor, .net 6, blazor webassembly, .net programmer, programmer, software developer, how to blazor, C# developer, Microsoft, .net, admin page, admin page blazor, asp.net core identity, roles, role, claims, claim, policy, policies, .net policies, .net claims, .net roles, blazor roles, blazor policies, blazor claims, how to implement authentication and authorization in blazor

Id: zKyaSbYhOm8

Channel Id: undefined

Length: 63min 59sec (3839 seconds)

Published: Thu May 12 2022