I am trying to create an ASP.NET Core Web API project with role-based authorization, but there isn't any guide or article about it that doesn't use an ASP.NET Core web app and Razor Pages, which I don't want to use because I am making my own UI in Angular. But I also want to do all the logic behind authentication and authorization on the BE. Is there any guide for step-by-step implementation of role-based authorization?
I have 3 roles: sysAdmin, employee, patient.
I have only one option for authentication and authorization, and that is checking if the session is expired for that account, but how do I hide content for that user?
CodePudding user response:
When we have a web app, we can let users sign in and the requests are all inside the server, so the cookie which contains user information can work well for authorization. But when you have a SPA web API, they usually use an access token for authorization, and that's why I share the link with you; it shows how to authenticate the SPA.
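
An added example, not part of the original answer or the linked guide: one way to enforce the three roles from the question on the API side with JWT bearer access tokens. It assumes the tokens are issued elsewhere (your sign-in endpoint or identity provider) with a `role` claim; the `Jwt:*` configuration keys, the routes and the policy names are hypothetical.

```csharp
// Program.cs (minimal API); needs the Microsoft.AspNetCore.Authentication.JwtBearer package
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumed config keys. Keep the key in user-secrets or an environment variable, not in source.
var key = builder.Configuration["Jwt:Key"]
    ?? throw new InvalidOperationException("Jwt:Key is not configured");

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.MapInboundClaims = false;            // keep claim names exactly as issued
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = builder.Configuration["Jwt:Issuer"],      // issuer is validated by default
            ValidAudience = builder.Configuration["Jwt:Audience"],  // audience is validated by default
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,                 // an expired token gets 401
            ClockSkew = TimeSpan.FromSeconds(30),
            RoleClaimType = "role",                  // assumed name of the claim carrying the role
            NameClaimType = "sub"
        };
    });

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("AdminOnly", p => p.RequireRole("sysAdmin"));
    options.AddPolicy("Staff", p => p.RequireRole("sysAdmin", "employee"));
    options.AddPolicy("PatientOnly", p => p.RequireRole("patient"));
});

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();

// The Angular app calls this after sign-in to decide which menus to render.
// Hiding UI is cosmetic; the policies below are what actually protect the data.
app.MapGet("/api/me", (ClaimsPrincipal user) => new
{
    name = user.Identity?.Name,
    roles = user.FindAll("role").Select(c => c.Value)
}).RequireAuthorization();

app.MapGet("/api/admin/users", () => "admin data").RequireAuthorization("AdminOnly");
app.MapGet("/api/appointments", () => "staff data").RequireAuthorization("Staff");
app.MapGet("/api/my-records", () => "patient data").RequireAuthorization("PatientOnly");
app.Run();
```

With controllers instead of minimal endpoints, the same rules are expressed as `[Authorize(Roles = "sysAdmin")]` or `[Authorize(Policy = "Staff")]` on the controller or action. A request without a valid token gets 401, and a valid token with the wrong role gets 403.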