Pawan Nogariya
Reputation: 8960
How to allow all resources to one role in claims authorization without the need to add it to all the Web api Authorize attribute
I have implemented claims based role authorization in my .net Core application.
Everything is working fine. I decorate my web api's like this and they work perfectly
[Authorize(Roles = "Admin, GlobalEditor, RegionalEditor")]
The only problem is that the role "Admin" has access to absolutely everything in my application but I still have to specify it in the Authorize attribute of all the Web Api.
Is there any way to define somewhere centrally that if the role is "Admin" allow it everything and I do not have to specify it on all the web api?
Or is there any way to define the role hierarchy where I can define that if user is on the top role it has access to all the lower roles resources?
Upvotes: 0
Views: 92
Answers (0)
Related Questions
- Apply [Authorize] attribute implicitly to all Web API controllers
- How to perform role based authorization without identity framework?
- 403 Error on JWT Role Based Authorization using .NET Core Web API 3.1
- Role based authorization in identity server 4 with .Net core web API
- How to get user claims inside ASP Core 2 method without Authorize attribute?
- Azure Authentication in web API - role claims are missing after validation
- ASP.NET Web Api with Role based authorization
- Authorize attribute - do I need to store the roles as claims?