I have an application which has authentication and authorization with JWT tokens. I am using ASP.NET Core Identity for registering users. So my goal is to have two roles: manager and user. I have created a "RoleController" that has CRUD operations and I successfully added these roles, but the next step is to attach these roles to users, and my question starts from here...
What is the best practice to achieve this? I mean, should I send a "Role" field value when I register a new user? But in a case like this, anyone can register as a manager. I thought of creating different registration endpoints for Managers and Users, but I don't know if it is best practice or not. So what can I do, how can I manage this role-based authentication, and how can I register a user with defined roles?
CodePudding user response:
You can use Identity's UserManager to assign roles/custom roles to users.
For example: await UserManager.AddToRoleAsync(poweruser, "Admin");
Following this, you can also assign roles to users during sign-up/registration so that after account creation the person will have those roles. You can also create custom roles, save them in the DB, and map them during user registration.
For combined role/permission checks you can try Identity policies too.
CodePudding user response:
This is a very good question. Generally, high-privileged accounts are provided by companies or organizations rather than registered by the users themselves. In my opinion, a simple way to achieve this is: when a user is successfully registered, you can provide an email address to which users who want to be Managers can send applications. Then you can determine whether this user can become a Manager based on that application. If you think this user can become a Manager, you can add the role yourself; if not, just do nothing.
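The two answers above describe one pattern: self-service registration never takes a role from the client, and the Manager role is granted later by someone already privileged, after an out-of-band application. The following controller is an added example written for this page, not code from the question or either answer. The names AppUser, RegisterRequest, PromoteRequest, AccountController, the role strings "User" and "Manager", and the Jwt:Key / Jwt:Issuer / Jwt:Audience configuration keys are all assumptions; the Identity and JWT calls themselves are the standard Microsoft.AspNetCore.Identity and System.IdentityModel.Tokens.Jwt APIs.

```csharp
// Added example (hypothetical names), not code from the original post.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

public class AppUser : IdentityUser { }

// Deliberately no Role property: whatever the client sends about roles is ignored,
// so the request body cannot be used to self-register as a manager.
public record RegisterRequest(string Email, string Password);
public record PromoteRequest(string Email);

[ApiController]
[Route("api/[controller]")]
public class AccountController : ControllerBase
{
    private const string UserRole = "User";       // assumed role name
    private const string ManagerRole = "Manager"; // assumed role name

    private readonly UserManager<AppUser> _users;
    private readonly RoleManager<IdentityRole> _roles;
    private readonly IConfiguration _config;

    public AccountController(UserManager<AppUser> users,
                             RoleManager<IdentityRole> roles,
                             IConfiguration config)
    { _users = users; _roles = roles; _config = config; }

    // Self-service registration: the server decides the role, and it is always "User".
    [HttpPost("register")]
    [AllowAnonymous]
    public async Task<IActionResult> Register(RegisterRequest req)
    {
        var user = new AppUser { UserName = req.Email, Email = req.Email };
        var result = await _users.CreateAsync(user, req.Password);
        if (!result.Succeeded) return BadRequest(result.Errors);

        if (!await _roles.RoleExistsAsync(UserRole))
            await _roles.CreateAsync(new IdentityRole(UserRole));
        await _users.AddToRoleAsync(user, UserRole);
        return Ok();
    }

    // Promotion is a separate, privileged endpoint. Only a caller whose JWT already
    // carries the Manager role can reach it, so this is where an admin grants the
    // role after reviewing the applicant out of band.
    [HttpPost("promote")]
    [Authorize(Roles = ManagerRole)]
    public async Task<IActionResult> Promote(PromoteRequest req)
    {
        var user = await _users.FindByEmailAsync(req.Email);
        if (user is null) return NotFound();

        if (!await _roles.RoleExistsAsync(ManagerRole))
            await _roles.CreateAsync(new IdentityRole(ManagerRole));
        if (!await _users.IsInRoleAsync(user, ManagerRole))
            await _users.AddToRoleAsync(user, ManagerRole);
        return NoContent();
    }

    // The roles stored by Identity must be copied into the JWT as role claims;
    // otherwise [Authorize(Roles = ...)] has nothing to evaluate on later requests.
    [HttpPost("login")]
    [AllowAnonymous]
    public async Task<IActionResult> Login(RegisterRequest req)
    {
        var user = await _users.FindByEmailAsync(req.Email);
        if (user is null || !await _users.CheckPasswordAsync(user, req.Password))
            return Unauthorized();

        var claims = new List<Claim>
        {
            new(JwtRegisteredClaimNames.Sub, user.Id),
            new(JwtRegisteredClaimNames.Email, user.Email!),
        };
        foreach (var role in await _users.GetRolesAsync(user))
            claims.Add(new Claim(ClaimTypes.Role, role));

        // Jwt:Key, Jwt:Issuer and Jwt:Audience are assumed configuration keys.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]!));
        var token = new JwtSecurityToken(
            issuer: _config["Jwt:Issuer"],
            audience: _config["Jwt:Audience"],
            claims: claims,
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));

        return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
    }
}
```

The first Manager cannot be created through this API, because /promote requires an existing Manager. Seed that account once at startup with the same UserManager.AddToRoleAsync call the first answer shows, or add the role directly in the database; after that, every further promotion goes through /promote and is attributable to the manager who approved it. The JwtSecurityTokenHandler maps ClaimTypes.Role to the short "role" claim name when writing the token and back again when the JWT bearer middleware validates it, so [Authorize(Roles = "Manager")] works with the default bearer configuration.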