How to implement role based authorization in Blazor Server apps

Video Statistics and Information

Captions
Hey there and welcome back to the Codewrinkles channel for a brand new video. In this one we'll talk about how to implement role-based authorization in a Blazor Server application. This video is actually, or well, we could consider it in the series on Blazor Server authentication, and it is one of the, I would say, last ones in this series to actually get the fundamentals of how authentication and authorization work in Blazor Server applications.

So if we want to start, the idea is, or what we want to achieve here in this video: we are right now on this Counter component and we already see that we have this AuthorizeView. However, on this AuthorizeView right now we don't apply any policy or anything else, so by default right now it would actually take into consideration that the user needs to be authenticated in order to have access to this specific component. Now what we want to do instead is we want to make this Counter available only for administrators, but not for other types of users or users that have no role at all. We just want to restrict this Counter to be visible only for those users who have the Administrator role in our application.

Now in order to do that we will once again have to see how we set this up. It's not really complicated, but we have to do a few steps. And then the second part is how we actually get the roles in our application. Usually you would probably have a user management thing, or a user management part in your application, where an administrator, or an existing administrator, could assign roles to other users or things like that. However, we will not set this up, and we will actually make this role assignment a part of the user registration process, exactly like we did with the claims in just a video before that. So if you want to check that video, I will leave the link in the description of this one, and there's also a card here somewhere on the screen that might redirect you to the video on claims-based authorization in Blazor Server applications.

So let's get started with that, and let's first of all set up everything that we need here in our Blazor Server application. Now the idea is that when we register Identity, that actually adds some default Identity services that we already have, like the UserManager or the SignInManager that we have used to sign in a user, and that's okay. But if we actually want to work with roles, well, in that case we have to actually add an additional service. So in this case we'll just go here, make a little bit of space, and just before AddEntityFrameworkStores (by the way, AddEntityFrameworkStores ensures that all repositories from Microsoft.AspNetCore.Identity are added so that we can actually interact with the SQL tables that we have underlying, or that Microsoft.AspNetCore.Identity uses in our database), so right before that we say that we want actually to add a role, and here, sorry, AddRoles. Now this AddRoles is a generic method and we have to specify what type of role we actually use, and we will use the default IdentityRole, which we specify here when we add Identity. So that's actually what we need to do. That's the first step if you want to add role-based authorization in your Blazor Server application: the first thing is to make sure that you also add the role services, and this will, as we can see here, make available some services related to roles, including this RoleManager, and that's actually the service that we will need just a little bit later.

So that's the first part that we need to do, and for setting up this backend part, at least in this Program.cs class, that's pretty much it. There's not really anything else that we could do here. So let's for that purpose instead go over to our Register part, because here in our Register is where we will also assign users to roles when they first register, and we will make a field, actually an input field in a form, where the user can actually just type the role that they want. But I guess you get the idea: this is just to get the role into our application. The way that this might work is probably you will have a dedicated section of your application where administrators can assign roles, can add roles or add new roles, can maybe remove roles, and things similar to that.

So let's have here first of all this public string, and let's call it Role, and remember that City we actually used for the claim that we used to restrict or show only parts of the application based on a certain claim, or based on the value in a certain claim. So in this case we will just say that, okay, this is also required right now. Now what we would actually have to do is, of course, in our login form, or register form for that matter, we can just copy this over and just duplicate it. Now the only thing that we will do here is that this is for Input.Role, and also here the same thing, and then also here the same thing. Right now that should make our field Role available in our application.

So now let's go to the code-behind part of this thing, and as said, we need here to inject another service, and that service is the RoleManager. So let's have it private readonly, and we'll call this a RoleManager<IdentityRole>, of course, and roleManager as the name of our field. And the exact same service we need to inject via dependency injection. By the way, when we added this AddRoles in the Program.cs, it registers all the services in the DI container, so you can just inject them wherever you need them. So in this case we will need here the RoleManager<IdentityRole>, like that, and let's call it roleManager. That should be something like that, and of course we need to assign it to the field, just like that. Cool, so right now we have everything going.

Now the only thing that we need to do is go into our OnPostAsync method, where we actually get when the user clicks on Register, and here we already have some actions. Like, we create the IdentityUser for that user using this UserManager, then we add claims to the user, and we use the UserManager to add the claims to the specific user, and then what we do is actually we just simply verify if those two operations are actually successful, and then, well, we sign in the user. So to this entire process we just want to add here some additional features that would actually, right now, create a new role. So let's say here var role = new IdentityRole, because that's what we actually want to create right now, and we'll take the value for the role from Input.Role. That would be the name of the role; that's actually just a very, very simple string. Now the next thing that we need to do is we need to add our role to the database, because we have a table which is called AspNetRoles, and we need to add this new role to the database. So let's have here var addRoleResult = and we await, and in this case we use the RoleManager to create a role. We have this CreateAsync method and we can just specify the role that we have just created. And then the other thing that we want to do is we want to add the user to the role that we have just created. So we will have here var addUserRoleResult = await, and in this case we use the UserManager, and here we have this AddToRoleAsync, and that's what we actually need. So we just use right now the user that we already have, which is the identity, sorry, in this case identityUser, and then we can specify once again Input.Role, which is exactly the role that we have. Cool, and that would actually add our user to, or add the role to, our user.

What happens behind, and actually I want to show you this, let me go here to SQL Server Object Explorer, because I guess this is an important thing that you would have to take a look into: if we go to this, where is it, I guess it's this database, and we have here a few tables, and you see that we have the AspNetRoles, we have of course the AspNetUsers, and we have the AspNetUserRoles. And if we look into that, in the columns we can see that that's actually a bridging table, a joining table, because we have a many-to-many relationship between a user and a role: a user could have several roles and a role could belong to several users. So what we do here with this final step is actually we add an entry here in this AspNetUserRoles table. So that's what we actually do here. Now the only thing that we need to add here is we will actually change this check, and we want to make sure that addRoleResult.Succeeded, and also make sure that the other one succeeded, addUserRoleResult.Succeeded. Maybe, I don't know, bring this to another line to make this just a little bit more readable. And if all these conditions are met, then we just simply sign the user in. So that's how we actually get the roles into our application, and that's how we assign roles to a certain user.

So the last piece of this puzzle is of course to actually check and see exactly how we can make sure that that Counter is available only for administrators. So in that case let me just go back to the Counter, and actually you see that we have this AuthorizeView, and in this AuthorizeView we have seen, actually during the video on claims-based authorization, that we can specify a policy. Now of course we could even use a policy here, but when we want to work with roles there is also this option: we have this Roles parameter, and here you can actually specify different role names separated by a comma that should actually be taken into consideration. And we want to make sure that this one is displayed only for the Administrator role. Of course, if we would like to display that for an additional role, we can just put here a comma, and then actually that would be it. And that's it, that's how we implement role-based authentication, or authorization, here in our Blazor Server application.

But don't trust me, let's run this application and check out exactly how we can do that. So we'll go right now through the entire process: we'll register two users, one user that will have a role that is called Administrator and a user that will have another role that we'll call probably something like User, or something like that, and then we'll actually see how differently this application behaves depending on what role this user has. Let me bring this to the other screen, and yeah, right now of course we are not logged in at all, so if we click on the Counter we cannot see that; if we click on Fetch data I guess we cannot see that either. Yeah, we cannot see that either, but it took a little bit longer because it worked with the database. So let's click here on Register. So the first user, let's just use this one, let's type in a password, let's provide a city, which we use for the claims-based authorization, and let's make this user an Administrator, and we register the user. And right now everything is okay, we are logged in, we can see that, and if we click on the Counter we can see the Counter and we can actually log in, which is fairly okay. Now let's log out of this application and let's click on Register again, and here let's have this user.example.com, which is the second user that we will register. Let's specify here also the password, let's have the city, we take Berlin this time, and the role, let's make it User. So we can register, and we're logged in, everything's okay, but right now if we go on the Counter you see that you are not authorized to view this content. So we achieved role-based authorization in a Blazor Server application just like that.

However, before we wrap up, I just want to close this application, and I just want to go back to this Program.cs part and just take a look here where we have this services.AddAuthorization. So we have added a policy that requires a certain claim. Now if you want to actually create a policy for roles, or a more complicated policy that would combine maybe certain roles with certain claims, because that's also possible, you could simply just come here and add, for instance, an additional options.AddPolicy, and here, let's name this AdministratorOnly, let's just copy that over to make sure that everything's okay, and then we can have here a policy and then policy.RequireRole. You see that we can require a role, and the role that we would require would be Administrator. So that would be it, right now we have added a new policy, and theoretically, if we go back to our Counter component, we can even check that, or change that, to take in a Policy, and then we have to specify the name of the policy, and the result would actually be exactly the same. So let's just run this application one more time and then just check what actually happens, because it should behave exactly the same way; there should not be any difference right now in how this application works. So by default I guess we will already be logged in, because we are, yeah, this user.example.com, and if you click on Counter you are not authorized to view this content. So let's just log out, let's then click on Login, and here I would use this email and this password because I know that this user should have this role, and if I click on Counter right now you can see you can click the Counter and just use that.

So as a summary here: when you actually want to use roles in order to display content based on a specific role, you could either use this Roles parameter and specify the roles that you actually want to include, it would be like that, we want to include the Administrator, or you can, like we did with claims, just create a policy for that. By the way, here in this policy, of course, that takes in a real action, so you can simply just use curly braces here and specify a composite policy that requires a role, that requires a claim or several claims. So you can really play around with that and achieve that level of granularity that you might need in your applications. So if you want to go this route and create a policy in which you require a role, no problem, then you can go back where you want to actually do that, in your AuthorizeView, and instead of the Roles just use a Policy like we have already seen, and it will work the same. So you have then two options, or you have a big freedom to choose from one of these two options, when it comes to achieving role-based authorization in your Blazor Server applications.

And this being said, thank you very, very much for watching, and if you think this content might be useful for you or for others, feel free to just share it with your peers, with your colleagues, with your friends, wherever you might think that there is an audience that might find this content useful for them. Don't be shy and share that, they will probably thank you for that. And also, if you didn't subscribe already, please hit the subscribe button and also the notification bell button, because we do a lot of stuff here on the Codewrinkles channel, not just tutorials, we do a lot of live streams and other cool things, so you want to be notified whenever something new happens on this channel. So just also make sure to hit that notification bell button, and yeah, last, once again, thank you very, very much for watching, and until the next time I wish you the very best.
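The wiring the video walks through (AddRoles before AddEntityFrameworkStores, RoleManager/UserManager in the Register handler, a RequireRole policy and a role-plus-claim composite), as an added C# example that is not the video's code, with the two changes a practitioner would want before shipping it. First, the video lets the registering user type their own role, which means any visitor can register as "Administrator" and unlock the Counter; here the role is a server-side constant and promotion is a separate page guarded by the AdministratorOnly policy. Second, the video calls RoleManager.CreateAsync on every registration; the second user who enters an already existing role name gets a duplicate-role error, and the "all results Succeeded" check then never signs them in, so the fixed role set is seeded once at startup instead. Assumed and not on the page: ApplicationDbContext is the scaffolded IdentityDbContext, the role set is exactly "Administrator" and "User", and the PageModels stand in for the scaffolded Identity Register page plus a hypothetical admin-only Promote page.

```csharp
// Added example, not the video's code. Assumed (not on the page): ApplicationDbContext is the scaffolded
// IdentityDbContext; roles are fixed to "Administrator" and "User"; PromoteModel is a hypothetical admin-only page.
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.EntityFrameworkCore;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDbContext<ApplicationDbContext>(o =>
    o.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
// Step 1 from the video: AddRoles<IdentityRole>() before AddEntityFrameworkStores registers
// RoleManager<IdentityRole> and the claims factory that copies role names into the sign-in cookie.
builder.Services.AddDefaultIdentity<IdentityUser>()
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>();
builder.Services.AddAuthorization(options =>
{
    // Role-only policy, same effect as <AuthorizeView Roles="Administrator">, then the
    // role-plus-claim composite sketched at the end of the video.
    options.AddPolicy("AdministratorOnly", p => p.RequireRole("Administrator"));
    options.AddPolicy("BerlinAdministrators", p => p.RequireRole("Administrator").RequireClaim("City", "Berlin"));
});
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor();
var app = builder.Build();
// Seed the fixed role set once. Creating the role in OnPostAsync as the video does fails with a
// duplicate-name error once two users enter the same role name, and the Succeeded check then blocks sign-in.
using (var scope = app.Services.CreateScope())
{
    var roles = scope.ServiceProvider.GetRequiredService<RoleManager<IdentityRole>>();
    foreach (var name in new[] { "Administrator", "User" })
    {
        if (await roles.RoleExistsAsync(name)) continue;
        var seeded = await roles.CreateAsync(new IdentityRole(name));
        if (!seeded.Succeeded) throw new InvalidOperationException($"Could not seed role '{name}'.");
    }
}
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();

// Register.cshtml.cs: the role is a server-side constant. A "Role" field on the registration form,
// as in the video, lets anyone type "Administrator" and grant themselves the Counter.
public class RegisterModel : PageModel
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;
    public RegisterModel(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [BindProperty] public InputModel Input { get; set; } = new();
    public class InputModel
    {
        public string Email { get; set; } = "";
        public string Password { get; set; } = "";
        public string City { get; set; } = "";   // the claim from the previous video; no Role here
    }

    public async Task<IActionResult> OnPostAsync()
    {
        if (!ModelState.IsValid) return Page();
        var user = new IdentityUser { UserName = Input.Email, Email = Input.Email };
        if (!(await _userManager.CreateAsync(user, Input.Password)).Succeeded) return Page();
        var claimAdded = await _userManager.AddClaimAsync(user, new Claim("City", Input.City));
        var roleAdded = await _userManager.AddToRoleAsync(user, "User");   // row in AspNetUserRoles
        if (!claimAdded.Succeeded || !roleAdded.Succeeded) return Page();
        await _signInManager.SignInAsync(user, isPersistent: false);
        return LocalRedirect("~/");
    }
}

// Promote.cshtml.cs (hypothetical): the only path to "Administrator", open only to a caller who
// already satisfies the AdministratorOnly policy.
[Authorize(Policy = "AdministratorOnly")]
public class PromoteModel : PageModel
{
    private readonly UserManager<IdentityUser> _userManager;
    public PromoteModel(UserManager<IdentityUser> userManager) => _userManager = userManager;

    public async Task<IActionResult> OnPostAsync(string email)
    {
        var target = await _userManager.FindByEmailAsync(email);
        if (target is null) return NotFound();
        var promoted = await _userManager.AddToRoleAsync(target, "Administrator");
        if (!promoted.Succeeded) return BadRequest(promoted.Errors);
        // Role names are copied into the cookie at sign-in; a new security stamp makes the target's
        // existing cookies fail their next validation, so the new role is picked up on re-login.
        await _userManager.UpdateSecurityStampAsync(target);
        return RedirectToPage();
    }
}
```

In the Counter component either `<AuthorizeView Roles="Administrator">` or `<AuthorizeView Policy="AdministratorOnly">` then works, as the video shows, because the Identity claims factory registered by AddRoles writes the user's role names into the ClaimsPrincipal at sign-in. Two things to keep in mind when relying on that: AuthorizeView only decides what gets rendered, so any service method or page the protected markup calls needs its own `[Authorize(Policy = ...)]` or policy check, and because the roles travel in the cookie, a role added or removed after sign-in is not seen by an open Blazor circuit until the user signs in again (or, as above, the security stamp is rotated and their cookie is rejected).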
Info
Channel: Codewrinkles
Views: 8,212
Keywords: automapper in asp.net core, blazor, blazor authentication, blazor authentication and authorization, blazor authorization, blazor login, blazor server, blazor server app, blazor server authentication, blazor server tutorial, c# blazor, mudblazor tutorial, patrick god, radzen
Id: dt7jvGc24FE
Length: 17min 46sec (1066 seconds)
Published: Tue Feb 08 2022