ASP.NET Core role based authorization



Role based authorization in asp.net core

Text version of the video
https://csharp-video-tutorials.blogspot.com/2019/07/aspnet-core-role-based-authorization.html

Slides
https://csharp-video-tutorials.blogspot.com/2019/07/aspnet-core-role-based-authorization_23.html

ASP.NET Core Text Articles & Slides
https://csharp-video-tutorials.blogspot.com/2019/01/aspnet-core-tutorial-for-beginners.html

ASP.NET Core Tutorial
https://www.youtube.com/playlist?list=PL6n9fhu94yhVkdrusLaQsfERmL_Jh4XmU

Angular, JavaScript, jQuery, Dot Net & SQL Playlists
https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd

Authentication and Authorization in ASP.NET Core

Authentication is the process of identifying who the user is.

Authorization is the process of identifying what the user can and cannot do.

Authorization in ASP.NET Core MVC is controlled through the AuthorizeAttribute.

ASP.NET Core Simple Authorization

When the Authorize attribute is used in its simplest form, without any parameters, it only checks whether the user is authenticated. This is also called simple authorization.

[Authorize]
public class SomeController : Controller
{
}

We discussed simple authorization in detail in Part 71 of ASP.NET Core tutorial.

Role Based Authorization in ASP.NET Core

Role-based authorization checks can be applied either against a controller or an action within a controller.

Role Based Authorization Example

Only those users who are members of the Administrator role can access the actions in the AdministrationController.

[Authorize(Roles = "Administrator")]
public class AdministrationController : Controller
{
}

Multiple Roles Example

Multiple roles can be specified by separating them with a comma. The actions in this controller are accessible only to those users who are members of either the Administrator role or the User role.

[Authorize(Roles = "Administrator,User")]
public class AdministrationController : Controller
{
}

Multiple Instances of Authorize Attribute

To be able to access the actions in this controller, users have to be members of both the Administrator role and the User role.

[Authorize(Roles = "Administrator")]
[Authorize(Roles = "User")]
public class AdministrationController : Controller
{
}

Role Based Authorization Check on a Controller Action

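Members of the Administrator role or the User role can access the controller and the ABC action, but only members of the Administrator role can access the XYZ action, because the Authorize attribute on the action is applied in addition to the one on the controller. The action Anyone() can be accessed by anyone, including anonymous users, as it is decorated with the AllowAnonymous attribute.

[Authorize(Roles = "Administrator, User")]
public class AdministrationController : Controller
{
    // Inherits the controller-level check: Administrator or User
    public ActionResult ABC()
    {
        return View();
    }

    // Controller-level check plus this one: Administrator only
    [Authorize(Roles = "Administrator")]
    public ActionResult XYZ()
    {
        return View();
    }

    // Bypasses the controller-level Authorize attribute
    [AllowAnonymous]
    public ActionResult Anyone()
    {
        return View();
    }
}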
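
The role combinations above can be checked outside a running web app. The following console program is an added example, not code from the original tutorial: it builds the equivalent role requirements with AuthorizationPolicyBuilder and evaluates them against constructed test users. The class name RoleSemanticsDemo, the helpers UserWith and Roles, the "DemoAuth" authentication type and the sample users are assumptions made for this example, and the project is assumed to reference the ASP.NET Core shared framework.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class RoleSemanticsDemo
{
    // Constructed test user (hypothetical helper): authenticated, holding the given roles.
    static ClaimsPrincipal UserWith(params string[] roles) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            roles.Select(r => new Claim(ClaimTypes.Role, r)), "DemoAuth"));

    // Hypothetical helper: one requirement that passes if the user holds any listed role.
    static AuthorizationPolicy Roles(params string[] roles) =>
        new AuthorizationPolicyBuilder().RequireRole(roles).Build();

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging();            // the default authorization service logs its decisions
        services.AddAuthorizationCore();
        var authz = services.BuildServiceProvider()
                            .GetRequiredService<IAuthorizationService>();

        // [Authorize(Roles = "Administrator,User")]: one role from the list is enough.
        var either = Roles("Administrator", "User");
        // Two stacked [Authorize] attributes: every requirement must pass.
        var both = AuthorizationPolicy.Combine(Roles("Administrator"), Roles("User"));
        // Controller-level "Administrator, User" combined with action-level "Administrator" (XYZ).
        var xyz = AuthorizationPolicy.Combine(either, Roles("Administrator"));

        var users = new (string Name, ClaimsPrincipal Principal)[]
        {
            ("admin only", UserWith("Administrator")),
            ("user only", UserWith("User")),
            ("admin + user", UserWith("Administrator", "User")),
            ("no roles", UserWith()),
        };

        foreach (var (name, principal) in users)
        {
            bool e = (await authz.AuthorizeAsync(principal, either)).Succeeded;
            bool b = (await authz.AuthorizeAsync(principal, both)).Succeeded;
            bool x = (await authz.AuthorizeAsync(principal, xyz)).Succeeded;
            Console.WriteLine($"{name,-13} either={e} both={b} XYZ={x}");
        }
    }
}
```

Turning the printed results into assertions in a unit test catches the case where a comma-separated role list was used but membership in every role was intended.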
