How to Figure out how to make Authentication/Authorization claims/roles work?

  • Question

  • I found so many examples but still not one answering my problem.

    Assuming I got 2 controllers (CompanyController, ClientController).
    Within each controller I got of course the Create, Read, Update, Delete Actions.

    Now, some employees (users) could be claiming they are either Company or Client or both, so these users can access those controllers.
    Now the problem is that Employee_A can do CRUD (Create, Read, Update, Delete) on CompanyController AND only Read on ClientController.
    While Employee_B can have only Read and Create on ClientController.

    So do I have to create a Claim OR Role for every case on Startup.cs:

        services.AddAuthorization(options =>
        {
            options.AddPolicy("Sales", policy => policy.RequireClaim(claimType, "Company", "Client"));
        });

    >>> ClaimCompany, Claim_Client to decorate the controller.
    And then Claim_Company_Create, Claim_Company_Read, Claim_Company_Update, Claim_Company_Delete AND Claim_Client_Create, Claim_Client_Read, Claim_Client_Update, Claim_Client_Delete and associate the users with every scenario they belong to?
    I tried to use only a generic CRUD, but then Employee_A would be able to do everything on every controller he is claiming to be part of. So it doesn't work.

    So now my issue is that if I have 50 controllers, how can I make this simpler without creating all those sub-claims for every CRUD?

    Also how can I save Identities to Claims (ASPNetUserClaims) as for example:

        • Employee_A Identity(1) is "Company"
            • Create
            • Read
            • Update
            • Delete
        • Employee_A Identity(2) is "Client"
            • Create
            • Read

    How can I read Identities from Claims so they become identities automatically?


    • Edited by hobie1 Sunday, October 22, 2017 6:46 PM
    • Moved by CoolDadTx Monday, October 23, 2017 2:14 PM ASP.NET related
    Sunday, October 22, 2017 6:45 PM
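
One way to cover the per-controller CRUD scenario in the question without registering a policy for every combination, as an added example that is not part of the original post or of any reply. It assumes each permission is stored as a user claim whose type is the resource ("Company", "Client") and whose value is the operation ("Create", "Read", ...); `PermissionAttribute`, `PermissionPolicyProvider` and the `perm:` prefix are hypothetical names.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

// Hypothetical attribute: encodes "resource:operation" into a policy name.
public class PermissionAttribute : AuthorizeAttribute
{
    public const string Prefix = "perm:";
    public PermissionAttribute(string resource, string operation)
        => Policy = $"{Prefix}{resource}:{operation}";
}

// Builds the policy from its name on demand, so 50 controllers x 4 operations
// need no AddPolicy calls. Register in ConfigureServices with:
//   services.AddSingleton<IAuthorizationPolicyProvider, PermissionPolicyProvider>();
public class PermissionPolicyProvider : DefaultAuthorizationPolicyProvider
{
    public PermissionPolicyProvider(IOptions<AuthorizationOptions> options) : base(options) { }

    public override Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
    {
        if (!policyName.StartsWith(PermissionAttribute.Prefix, StringComparison.Ordinal))
            return base.GetPolicyAsync(policyName);      // ordinary named policies

        var parts = policyName.Substring(PermissionAttribute.Prefix.Length).Split(':');
        if (parts.Length != 2 || parts[0].Length == 0 || parts[1].Length == 0)
            return Task.FromResult<AuthorizationPolicy>(null); // malformed: no policy, framework throws, action never runs

        // Claim type = resource, claim value = operation, e.g. ("Client", "Read").
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .RequireClaim(parts[0], parts[1])
            .Build();
        return Task.FromResult(policy);
    }
}

public class ClientController : Controller
{
    [Permission("Client", "Read")]               // Employee_A and Employee_B
    public IActionResult Index() => Ok();

    [HttpPost, Permission("Client", "Create")]   // Employee_B only
    public IActionResult Create() => Ok();
}
```

With ASP.NET Core Identity, `UserManager.AddClaimAsync(user, new Claim("Company", "Create"))` writes such a claim to the user-claims table, and the default claims principal factory loads the stored claims onto the user at sign-in, so the handler above sees them without extra code.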

All replies

  • You have ASP.NET MVC and security issues that can be discussed at the ASP.NET forums.


    There is a Security forum there too.

    Sunday, October 22, 2017 8:31 PM
  • Hello hobie1,

    What is the type of your project? If the program is an MVC project, you could post a thread to the MVC Forum for suitable support.

    There are a lot of experienced people that help you walk out of the problem quickly.

    Neil Hu

    MSDN Community Support

    Monday, October 23, 2017 8:16 AM