Reputation: 6296
Resource Based authorization for a list of reosurces?
How do you implement authorization for a list of resources?
All docs I see are based on IAuthorizationService and the AuthorizeAsync methods. But this, only applies to one resource.
Should I be retrieving all resources and then imperatively check if the user has access or not using the AuthorizeAsync method of the IAuthorizationService? This seems very ackward, slow and inneficient.
How would you do this?
Upvotes: 6
Views: 741
Answers (1)
Reputation: 2800
I have implemented this in few of my projects and aside from fetching all resources from the database and then executing AuthorizeAsync on each of them there is not much that you can do (so far as I know).
In some cases you can have mapping table in the database that stores resourceId/userId and check according to that. It is easier to fetch items that way without executing AuthorizeAsync on each, but it is not applicable in each scenario...
There are a few questions on this subject (such as https://github.com/dotnet/AspNetCore.Docs/issues/10244) but no solution.
Upvotes: 1
Related Questions
- Asp.net Core WebAPI Resource based authorization outside controller level
- Global Resource Authorization based on route value
- How to properly do resource-based authorization in ASP.NET Core 2.2?
- Custom Policy-Based Authorization in ASP.NET Framework
- Authorize against a list of policies
- Resource based authorization in .net
- How to grant access to specific resources?
- Resource based ASP.NET Authorization FormsAuthentication and WebApi
- ASP.Net WebApi Authorization using resource data
- Claims authorization for specific resources