Currently I am trying to deal with authorization and authentication on a .NET Core API.
There is a company, and that company can create custom roles. Those roles will have permissions inside them, such as:
- Read
- Write
- Delete
The company can apply a role to the users that it creates.
With that said, how would I handle the authorization part?
Because I believe this is considered business logic.
How should i approach this?
Thanks in advance
CodePudding user response:
You can probably handle this in multiple different ways. I'd suggest, since you are referring to an API, to decorate the Controllers, Routes or both with the [Authorize] attribute, where you want the rules to apply.
And you would use this attribute as such (where foo, bar, baz are the roles on the authenticated user):
[Authorize(Roles = "foo,bar,baz")]
You can also define the challenge scheme like
[Authorize(Roles = "foo,bar,baz", AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
Docs: https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-6.0
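As an added example (not code from the answer above), here is a complete .NET 6 minimal API that wires JWT bearer authentication to the role-based [Authorize] attribute the answer describes. The issuer, audience, signing key and the /dev/token helper are constructed for the demo and are assumptions, not anything from the original post. It also shows the one setting that most often makes Roles = "..." silently fail: the role claim type in the token must match the RoleClaimType the bearer handler is told to use.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

// Added example, not the answer's code. Issuer, audience and key are
// constructed for the demo; load real values from configuration / a secret store.
const string Issuer = "https://auth.example.test";
const string Audience = "company-api";
var signingKey = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("demo-only-key-change-me-at-least-32-bytes!"));

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o =>
    {
        // Keep the short JWT claim names ("sub", "role") instead of remapping them
        // to the legacy SOAP-style URIs; otherwise RoleClaimType below would not match
        // and every [Authorize(Roles = ...)] check would return 403.
        o.MapInboundClaims = false;
        o.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = signingKey,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30),
            // [Authorize(Roles = "...")] calls IsInRole, which reads this claim type.
            RoleClaimType = "role",
            NameClaimType = "sub",
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Any one of the three roles may read.
app.MapGet("/docs", [Authorize(Roles = "foo,bar,baz")] () => "read ok");

// Only "baz" may delete; the scheme is pinned exactly as in the answer.
app.MapDelete("/docs/{id}",
    [Authorize(Roles = "baz", AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    (int id) => Results.NoContent());

// Development-only helper that mints a token carrying the requested roles so the
// endpoints above can be exercised with curl. Never register this outside Development.
if (app.Environment.IsDevelopment())
{
    app.MapPost("/dev/token", (TokenRequest req) =>
    {
        var claims = new List<Claim> { new("sub", req.User) };
        claims.AddRange(req.Roles.Select(r => new Claim("role", r)));
        var jwt = new JwtSecurityToken(Issuer, Audience, claims,
            expires: DateTime.UtcNow.AddMinutes(15),
            signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
        return Results.Ok(new { token = new JwtSecurityTokenHandler().WriteToken(jwt) });
    });
}

app.Run();

record TokenRequest(string User, string[] Roles);
```

To try it: POST {"user":"alice","roles":["bar"]} to /dev/token, then call GET /docs with "Authorization: Bearer <token>" and you get 200; DELETE /docs/1 with the same token gets 403 because "bar" is not "baz"; no token at all gets 401 from the bearer challenge. Note that a fixed Roles = "..." list only works while role names are global; roles a company defines itself vary per tenant, which is where a policy with a custom requirement becomes the better fit.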
CodePudding user response:
You can create the role, add claims to that specific role and define a policy for authorization:
services.AddAuthorization(options =>
{
    options.AddPolicy("UserCreation", policy =>
        policy.RequireRole("Admin").RequireClaim("Admin", "Edit"));
});
By using the RoleManager in .NET Core Identity you can add the claim to the role:
private readonly RoleManager<Role> _roleManager; // injected via the constructor; Role is your IdentityRole type
var result = await _roleManager.AddClaimAsync(role, claim); // returns IdentityResult; check result.Succeeded
Last, you can check whether the user has the role and claim to access the resource using the Authorize attribute:
[Authorize(Roles = "Admin", AuthenticationSchemes = "Bearer", Policy = "UserCreation")]
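As an added example (not code from this answer or the original poster), the permission model the question describes (company-defined roles carrying Read, Write and Delete) mapped onto a custom authorization requirement and handler. Rather than a hand-written AddPolicy per permission, a policy provider builds "Permission:<Name>" policies on demand, and the handler resolves the caller's roles to permissions at request time, scoped by the caller's company. The names Permission, HasPermissionAttribute, IPermissionStore, InMemoryPermissionStore and the "company_id" claim are assumptions for the demo; the in-memory data is constructed. It assumes the .NET 6 web SDK implicit usings.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

// Added example, not the answer's code. Permission, HasPermissionAttribute,
// IPermissionStore and the "company_id" claim are assumed names for the demo.
public enum Permission { Read, Write, Delete }

// Usage: [HasPermission(Permission.Delete)] on a controller or action.
public sealed class HasPermissionAttribute : AuthorizeAttribute
{
    public const string Prefix = "Permission:";
    public HasPermissionAttribute(Permission permission) => Policy = Prefix + permission;
}

public sealed class PermissionRequirement : IAuthorizationRequirement
{
    public Permission Permission { get; }
    public PermissionRequirement(Permission permission) => Permission = permission;
}

// Maps (companyId, roleName) to the permissions the company put on that role.
public interface IPermissionStore
{
    Task<IReadOnlySet<Permission>> GetPermissionsAsync(string companyId, string roleName);
}

// Constructed in-memory data for the demo; a real store reads the company's role table.
public sealed class InMemoryPermissionStore : IPermissionStore
{
    private static readonly Dictionary<(string Company, string Role), HashSet<Permission>> Data = new()
    {
        [("acme", "Editor")] = new() { Permission.Read, Permission.Write },
        [("acme", "Viewer")] = new() { Permission.Read },
        [("globex", "Editor")] = new() { Permission.Read, Permission.Write, Permission.Delete },
    };

    public Task<IReadOnlySet<Permission>> GetPermissionsAsync(string companyId, string roleName)
        => Task.FromResult<IReadOnlySet<Permission>>(
            Data.TryGetValue((companyId, roleName), out var p) ? p : new HashSet<Permission>());
}

// Resolves permissions per request, scoped to the caller's company: an edited role takes
// effect immediately, and "Editor" at acme is never confused with "Editor" at globex.
public sealed class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    private readonly IPermissionStore _store;
    public PermissionHandler(IPermissionStore store) => _store = store;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        var companyId = context.User.FindFirst("company_id")?.Value;
        if (companyId is null) return; // requirement stays unmet -> 403

        // Honour whatever RoleClaimType the authentication handler configured.
        var roles = context.User.Identities
            .SelectMany(id => id.FindAll(id.RoleClaimType))
            .Select(c => c.Value);

        foreach (var role in roles)
        {
            var perms = await _store.GetPermissionsAsync(companyId, role);
            if (perms.Contains(requirement.Permission))
            {
                context.Succeed(requirement);
                return;
            }
        }
    }
}

// Builds "Permission:<Name>" policies on demand; any other name falls back to the
// default provider, so a policy such as "UserCreation" keeps working unchanged.
public sealed class PermissionPolicyProvider : DefaultAuthorizationPolicyProvider
{
    public PermissionPolicyProvider(IOptions<AuthorizationOptions> options) : base(options) { }

    public override async Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
    {
        if (policyName.StartsWith(HasPermissionAttribute.Prefix, StringComparison.Ordinal)
            && Enum.TryParse<Permission>(policyName[HasPermissionAttribute.Prefix.Length..], out var p)
            && Enum.IsDefined(p)) // reject numeric strings such as "Permission:7"
        {
            return new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .AddRequirements(new PermissionRequirement(p))
                .Build();
        }
        return await base.GetPolicyAsync(policyName);
    }
}

[ApiController, Route("api/documents")]
public sealed class DocumentsController : ControllerBase
{
    [HttpGet, HasPermission(Permission.Read)]
    public IActionResult List() => Ok(new[] { "doc-1", "doc-2" });

    [HttpDelete("{id}"), HasPermission(Permission.Delete)]
    public IActionResult Delete(int id) => NoContent();
}
```

Register the pieces in Program.cs with builder.Services.AddSingleton<IAuthorizationPolicyProvider, PermissionPolicyProvider>(), builder.Services.AddScoped<IAuthorizationHandler, PermissionHandler>() and builder.Services.AddScoped<IPermissionStore, InMemoryPermissionStore>(). With the sample data, a caller whose token carries company_id "acme" and role "Viewer" gets 200 on GET and 403 on DELETE, while company_id "globex" with role "Editor" may delete. Checking the store on every request costs a lookup (cache it per request or per role if that matters), but it is what makes the business rule live in your code instead of in tokens that cannot be recalled.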