Reputation: 12557
I have an API and a web frontend on which the user gets authenticated with IdentityServer.
Now I can introduce scopes like "customer" to get the corresponding claim on the web project.
Now I want a user to have claims on specific customers. Is this something I would do inside IdentityServer? I can't find an API to post new claims for a user.
Or would I have a claims store in my application and then enrich the created principal with these claims?
Upvotes: 0
Views: 94
Reputation: 18482
As a rule of thumb - authorization is done as close as possible to the resource you are trying to protect - e.g. in the API endpoint.
IdentityServer is authentication/identity as a service - not permissions or authorization.
Upvotes: 1
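An added example, not code from either poster or from IdentityServer, of the application-side approach: the API keeps its own per-customer grants, enriches the authenticated principal from them, and makes the decision at the endpoint. The store, the `customer_access` claim type, the `customer-store` issuer and the sample ids are hypothetical; only `System.Security.Claims` types are used.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical app-owned store (constructed data): subject id -> customers the user may access.
public sealed class CustomerAccessStore
{
    private readonly Dictionary<string, string[]> _grants = new()
    {
        ["alice-sub"] = new[] { "cust-1", "cust-7" },
    };
    public IReadOnlyList<string> CustomersFor(string sub) =>
        _grants.TryGetValue(sub, out var ids) ? ids : Array.Empty<string>();
}

public static class CustomerAuthorization
{
    public const string ClaimType = "customer_access";  // hypothetical claim type
    public const string LocalIssuer = "customer-store"; // marks claims minted by this app

    // Adds per-customer claims from the local store. In ASP.NET Core the same logic
    // can live in IClaimsTransformation.TransformAsync, which may run more than once.
    public static ClaimsPrincipal Enrich(ClaimsPrincipal principal, CustomerAccessStore store)
    {
        var sub = principal.FindFirst("sub")?.Value;
        if (sub is null || principal.HasClaim(c => c.Type == ClaimType && c.Issuer == LocalIssuer))
            return principal;
        var claims = store.CustomersFor(sub)
            .Select(id => new Claim(ClaimType, id, ClaimValueTypes.String, LocalIssuer));
        var enriched = principal.Clone();
        enriched.AddIdentity(new ClaimsIdentity(claims));
        return enriched;
    }

    // Endpoint-level check: only claims issued by the local store count, so a
    // same-named claim arriving in the token grants nothing.
    public static bool CanAccess(ClaimsPrincipal principal, string customerId) =>
        principal.HasClaim(c => c.Type == ClaimType && c.Issuer == LocalIssuer && c.Value == customerId);
}

public static class Program
{
    public static void Main()
    {
        // Constructed principal as it might look after sign-in: identity claims only.
        var token = new ClaimsIdentity(new[] { new Claim("sub", "alice-sub"), new Claim("customer_access", "cust-2") }, "oidc");
        var user = CustomerAuthorization.Enrich(new ClaimsPrincipal(token), new CustomerAccessStore());
        foreach (var id in new[] { "cust-1", "cust-2" })
            Console.WriteLine($"{id}: {(CustomerAuthorization.CanAccess(user, id) ? "allow" : "deny")}");
    }
}
```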