Reputation: 1253
I have an AngularJS application that talks to WebAPI. Both log in using Identity Server 3. I have an Admin role, but I want to expand on this so I can hide certain admin functionality in the front end from some admin users. So I need to check user permissions for admin users. What's the best way to do this? Do I just create a table in my database and assign permissions to users there? Or is there something in Identity Server I should do to assign permissions?
Upvotes: 1
Views: 279
Reputation: 1319
It's my understanding that application permissions would be tracked in your application-specific database. In that database, you could track permissions by role (rather than user). Then, you could use the role claim(s) that come back in the token to look up the proper permissions. However, that's just one method...
This is a really great post on the subject written by Dominick Baier, one of the authors of Identity Server: Identity vs. Permissions
Upvotes: 1
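The role-to-permission lookup described in the answer above, as an added example that is not code from the thread or from Identity Server. It assumes the claim type is `role`, that a lone role arrives in the decoded token as a string and several roles as an array, and it uses an in-memory object with hypothetical role and permission names as a stand-in for the application's database table.

```javascript
// Constructed stand-in for the application's role -> permission table
// (role and permission names are hypothetical).
const ROLE_PERMISSIONS = {
  Admin: ['users.read', 'users.edit', 'reports.view'],
  SupportAdmin: ['users.read', 'reports.view'],
  BillingAdmin: ['invoices.read', 'invoices.refund'],
};

// Normalise the role claim: a string becomes a one-element list, an array
// keeps only its string entries, anything else means "no roles".
function rolesFromClaims(claims, claimType = 'role') {
  const raw = claims ? claims[claimType] : undefined;
  if (typeof raw === 'string') return [raw];
  if (Array.isArray(raw)) return raw.filter((r) => typeof r === 'string');
  return [];
}

// Union of the permissions for every role in the token. Roles missing from
// the table contribute nothing (deny by default); the own-property check
// keeps names such as "constructor" from resolving to inherited members.
function permissionsFor(claims, table = ROLE_PERMISSIONS) {
  const granted = new Set();
  for (const role of rolesFromClaims(claims)) {
    const known = Object.prototype.hasOwnProperty.call(table, role);
    const perms = known ? table[role] : [];
    perms.forEach((p) => granted.add(p));
  }
  return granted;
}

function hasPermission(claims, permission) {
  return permissionsFor(claims).has(permission);
}

// Constructed sample claims, shaped like a decoded token payload.
const supportUser = { sub: '42', role: 'SupportAdmin' };
const multiRoleUser = { sub: '43', role: ['SupportAdmin', 'BillingAdmin', 'Unknown'] };

console.log(hasPermission(supportUser, 'users.edit'));
console.log(hasPermission(multiRoleUser, 'invoices.refund'));
```

In the AngularJS front end a check like this only decides what to show; the WebAPI has to run the same lookup against the validated token before performing the admin action.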