Reputation: 147
SPA - Manage authorization based on resources and roles
I'm developing a Single Page Application using ReactJS + .Net Core 5 which has several fine-grained authorization checks. So, in my application there are users, roles and userroles to link these two information. Then, I have a Permissions table and RolesPermissions to link the permissions (or actions) for each roles. But this diagram cannot work correctly because some roles are tailored on resources (so, I can be Editor on resource A and Reader of resource B, where A and B are the same type of resource). To summarize, some roles are directly linked to resource.
How can I manage the authorization in this case? I read on Resource-Based authorization (https://learn.microsoft.com/en-us/aspnet/core/security/authorization/resourcebased?view=aspnetcore-2.1&tabs=aspnetcore2x#operational-requirements), but in this case the permissions design on database side would be useless and I have to write a lot of C# code to manage each possibilities (a lot of if/else). I'm looking for some alternatives... also because, after correctly managed the permisssions on backend side, I need to pass information to frontend in order to segregate the layout (for example, the button "Create" must not be displayed if you are only reader on a specific resource).
Upvotes: 0
Views: 302
Answers (0)
Related Questions
- Create Role-Based Authorization with Windows Authentication
- Role based Authorization for Razor Pages
- Role-based authorization with ASP.NET Core 5.0
- Dynamic authorization of roles asp.net core
- Resource Based authorization for a list of reosurces?
- How to properly do resource-based authorization in ASP.NET Core 2.2?
- Asp.NET Core MVC Role based Authorization
- Resource based authorization in .net
- Role based authorization in asp.net
- Individual page authorization based on roles in ASP.NET MVC 5