MVC Role Management Intro - Part 1 - Authorization - .NET Core 6

Captions
Hello everybody. Today we're going to add role-based authentication to our ASP.NET Core MVC application. Here we're going to add a couple of sample roles, assign those roles to a couple of users, and see how we can use policy-based authentication schemes to give access or revoke access to certain pages for certain users. This lecture is a continuation of my previous lesson on .NET Core Identity customization. If you'd like to see the lecture, please click at the top right now, as the code used here is inherited from that lecture. So let's jump right ahead and start the lesson.

Okay, so to customize the roles and add and manage roles, first we're going to do some preliminary steps. The first thing is to go to our login controller, which is a Razor page here, and we're going to go to our OnPostAsync. We're going to modify the PasswordSignIn function; we're going to extract some other functions outside and add them ourselves. So let's decompile this function and see what it does. Let's go to its source. Here what we do is we first check the database for the email, the username. If it's null, then we return a failed result. If not, if the user exists, then we go into this function, and this function checks for the password and checks to sign in. Then finally, if we succeed, we sign in, or we use two-factor. For this example we're going to stick with sign-in; we will not see two-factor. So if we don't have two-factor, this is the code that will get executed: there's no login provider, and so this is where we'll come. Here we'll basically sign in with claims, and this will be the default claim; this is the default claim that we're going to use to authenticate our user. So now let's go back to our login and modify this code. As you can see, I modified this into its sub-functions. First, instead of directly calling our PasswordSignInAsync method, we check the database if the email exists, then we check the password, whether it matches or not, and then finally, when it succeeds, we sign in with the default claim of amr and password. Okay, now let's see if our changes work. Let's build the project. It's refreshed, so let's refresh the page, let's go to login, let's log in with our sample user here. Login, and it works. Awesome.

Okay, now let's see how to implement policy-based authentication. To implement policy authentication, we're going to add a simple claim here. We're going to create a new claim, call it employee number, and give it a simple value for now. Once we add this here, let's go to our Program.cs. I'm going to add a simple function called add authorization policies, and we're going to come down here and implement this function. It's a simple function: in the services we are adding authorization, and we're adding a simple policy called employee only, and in this policy we're going to require the claim employee number which we had given right here. So how do we use this policy? Let's go to our role controller here, for example. I'm going to add a decoration called Authorize with Policy set to employee only. So how does this work? Say you call this Index method in the role page. Here the Authorize tag says it has a policy of employee only, so the controller will go to Program.cs and check for the employee only policy, and then the requirements for this policy: it basically says I need to require a claim called employee number. So this policy checks the login credentials which we provide the user and checks if there's a claim called employee number on the server. If yes, it will let them access the Index method; if not, it will redirect them to the access denied page. Since we created this with employee only, now let's go here and actually comment this out, build the project, and go and refresh our page. Let's log in, let's go to our test.ca, let's go to the roles page. There we go, we don't get access because we did not provide this claim. Now let's go and uncomment this and rebuild. Let's come here and actually log out and log back in. Let's log in, now let's go to the roles page, and now we have it. So that's a simple role-based, sorry, a simple policy-based authentication.

The most common type of authorization we'll use is based on roles. For example, we'll have admins, managers, users, customers, and we will restrict or allow access to pages and parts of our website based on their roles. So let's see how to implement it. Let's start by adding a couple of sample roles to our website. Let's add a migration called init roles, no, let's call it seed roles, that's the right name. Here we have a simple migration to populate our database with some sample values. The first method we have here in this migration is seed roles, where we add three roles: the first is the administrator, the second is the manager, and the user. I've pre-defined the role IDs here so that it's easy to work with. The next one is seed users: we have two users here, test two and test three, and I have predefined their user IDs here so that it's easy for us to work with. Then finally we have seed user roles. Here I'm assigning user one a manager and a user role, and user two has an admin role and also a manager role. Now let's run this migration and see if it works. Let's update the database. Okay, everything went through. Now let's check our database for the values. Let's check the AspNetRoles table: we have three roles. Now let's check the user roles, and we have our user ID added to a couple of roles. Now let's check the users, and here we have it, we have the two users we added. Once we've added all the values to our database, let's come here and get all the roles associated with our user right here and add them to our claims. For that, let's get all the roles first. Let's call signInManager.UserManager.GetRoles and we're going to pass our user. This is an async method, so we'll have to await it.

Let's do something now: let's put a breakpoint right here and see if this function gets all our values. Before that, we'll actually have to come to our Program.cs and add roles to our identity. For that we add AddRoles<IdentityRole>, and that's it. Let's build the project and run it. Okay, we are logged in as test one. Let's log out and log in again as test two. Test two should have two roles; let's see if it works. Let's log in. Okay, let's come to the breakpoint, and here we have it: we have manager and user like we assigned. That's awesome. Now let's see how to add this to our claims: claims.Add, role claim, oh my bad, new claim, role, and then we add it. All right, cool. Now let's add a couple of policies for us to validate our roles. For that let's go to our Program.cs right here, and I'm going to add another authorization. We're going to add one for require admin: here we're going to add a policy called require admin, and here we're going to require a role called administrator. The second one is going to be manager; this policy will require the role manager. Now let's save. Okay, so to test our roles I'm going to add a couple of functions here in the controller for roles. The first one is going to be the manager, followed by the admin. This goes to the admin page and this goes to the manager page. Then we're going to decorate the manager method with the require manager policy right here, and we're going to add another policy to our admin, so the admin page will be authorized with require admin, which will require the role administrator. Okay, and also I've added a couple of links to our header so that we can navigate easily. Let's build the project. Okay, cool. Now let's log in as test two. Test two has the roles of manager and user. Let's save. Okay, so manager is accessible. Now let's try and go to the admin page. See, our controller tried to access a page for which it did not have credentials, or the user was not an admin, and we got denied access.

Now let's log in as test three, which has admin access. Let's log in as test three. Log in. Here we go, wonderful. For role-based authentication there are multiple ways to do this: we can either use a policy here, or we can add Authorize with Roles and set the roles directly here. For example, if the admin page needs an administrator or a manager role, we can set this here, and I'm going to comment this out. Let's build this project. Okay, I'm going to log in as our test two, which has the roles of manager and user. Let's log in as test two. Login. I'm going to go to the manager page; we got the manager page working. Let's go to the admin. There we go. So even though our test two is only a manager and a user, since we put manager here, now the admin page authorizes our test two user. Once we have everything working, the next step is to remove all our magic strings. In general it's bad practice to have magic strings like what we have here, because if we change it here, it has to change in every other place, and that'll become a tedious process. So here I've added a simple class to our project called Constants and extracted every magic string as a constant. For example, our policies for require admin and manager, and for the roles, I have the three roles we have, and at runtime this will be automatically added here and we don't have to worry about managing the same thing in our Program.cs. Here we have a policy for require admin and it requires a role of administrator. Everything is nice and clean. Thank you so much for watching this video. If you have any questions, please leave them in the comments box; I'll get back to you as soon as possible. All the code for this example and the lesson is in the description box, please have a look. Thank you.
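The pieces the lecture builds (the claim-based policy, the role policies, the role claims added at sign-in, the controller decorations and the Constants class), collected into one added C# example that is not the video's own code. Names such as Constants, EmployeeNumber, RequireAdmin and RequireManager, the sample employee number and a .NET 6 web project with implicit usings are assumptions.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical names; the video's own Constants class is not shown on the page.
public static class Constants
{
    public const string EmployeeNumberClaim = "EmployeeNumber";
    public static class Policies { public const string EmployeeOnly = "EmployeeOnly", RequireAdmin = "RequireAdmin", RequireManager = "RequireManager"; }
    public static class Roles { public const string Administrator = "Administrator", Manager = "Manager", User = "User"; }
}

public static class AuthorizationSetup
{
    // Program.cs: builder.Services.AddAuthorizationPolicies(); (AddRoles<IdentityRole>() must also be on the Identity builder)
    public static IServiceCollection AddAuthorizationPolicies(this IServiceCollection services) =>
        services.AddAuthorization(options =>
        {
            // Claim-based policy: the EmployeeNumber claim must be present on the signed-in principal.
            options.AddPolicy(Constants.Policies.EmployeeOnly, p => p.RequireClaim(Constants.EmployeeNumberClaim));
            // Role-based policies: RequireRole inspects the ClaimTypes.Role claims added at sign-in below.
            options.AddPolicy(Constants.Policies.RequireAdmin, p => p.RequireRole(Constants.Roles.Administrator));
            options.AddPolicy(Constants.Policies.RequireManager, p => p.RequireRole(Constants.Roles.Manager));
        });
}

public static class LoginHelpers
{
    // Called from the login page's OnPostAsync after the user lookup and password check succeed.
    public static async Task SignInWithRoleClaimsAsync(SignInManager<IdentityUser> signInManager, IdentityUser user, bool isPersistent)
    {
        var claims = new List<Claim>
        {
            new Claim("amr", "pwd"),                           // default "authenticated by password" claim
            new Claim(Constants.EmployeeNumberClaim, "12345"), // constructed sample value
        };
        // Roles are read from AspNetUserRoles here, so a role removed there stops granting access at the next sign-in.
        foreach (var role in await signInManager.UserManager.GetRolesAsync(user))
            claims.Add(new Claim(ClaimTypes.Role, role));
        await signInManager.SignInWithClaimsAsync(user, isPersistent, claims);
    }
}

public class RoleController : Controller
{
    [Authorize(Policy = Constants.Policies.EmployeeOnly)] public IActionResult Index() => View();
    [Authorize(Policy = Constants.Policies.RequireManager)] public IActionResult Manager() => View();
    // Same check without a named policy; comma-separated roles are OR-ed, so a Manager also reaches Admin.
    [Authorize(Roles = Constants.Roles.Administrator + "," + Constants.Roles.Manager)] public IActionResult Admin() => View();
}
```

A user who fails a policy is redirected to the access denied page as in the video; the claims are evaluated from the cookie, so the user has to sign out and back in to pick up new roles or claims.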
Info
Channel: I See Sharp
Views: 30,066
Keywords: asp.net core, asp.net razor pages, razor page, .net core, .net, website, asp.net, asp.net core mvc login with Identity, add asp.net core identity to existing project, user authentication in asp.net core mvc, login and logout in asp.net mvc, .net core mvc user authentication, identityuser, .netcore identity, authorize, .net core registration form, .net core login form, .net roles
Id: E8JaZdtXTBQ
Length: 14min 26sec (866 seconds)
Published: Wed Feb 16 2022