ASP.NET Core - Roles vs Claims vs Policy
Вставка
- Опубліковано 23 лип 2024
- In this video I attempt to give me interpretation and explanation of the roles, claims and policy implementations in asp.net core.
Project on github
github.com/T0shik/rolesvsclai...
Patreon 🤝 / raw_coding
Courses 📚 learning.raw-coding.dev
Shop 🛒 shop.raw-coding.dev
Discord 💬 / discord
Twitter 📣 / anton_t0shik
Twitch 🎥 / raw_coding
👉 Try Rider
www.jetbrains.com/store/redeem/
RD5K9-4TXXW-KMV3G-NYWSF-3ZSTP
More Information on the Roles, Claims and Policies.
Role based Authorization
docs.microsoft.com/en-us/aspn...
Claims based Authorization
docs.microsoft.com/en-us/aspn...
Policy based Authorization
docs.microsoft.com/en-us/aspn...
Good Stack Overflow Thread
stackoverflow.com/questions/2...
UPDATED VIDEO: ua-cam.com/video/W5T6713KRzg/v-deo.html
Great explaination! The diagrams showing the difference between role (binary) and claims (key/value) and how it's related to policy (permission) was really helpful.
I had to watch this video a couple of times and read differets documentatons on this subject. But now, days later, I've finally understood! Many thanks!
Glad you got it! Nice avatar as well )
@@RawCoding I see you are a man of culture
Thank u vvvvery much!!!! I am a new programmer but there is few tutorial on this newest version of Asp.net core 2.2 MVC. I have just been confusing for a long time on what you made in this tutorial . It really helps!
Glad I could help!
At 9:15, i totally got the roles and policy concepts, i immediately git pull the solution, tested and understood, code is nice and clean.
i was looking for this, and this really really helped, thanks.
Awesome!
Best intro lol
Rhank you, I try my best ))
Very original. Really liked it. Keep up the good work good dude.
Thanks) glad you liked it
comment just for pay respect) Thank you for the video!
Thank you for watching)
Awesome tutorial. Really clears up things. Thank you...
Thank you for watching
Best video, thanks a lot I could finally understand these 3!
Thank you!
Thank you, man! Finally I’ve got it. Msdn documentation doesn’t make it clear, and you do.
Awesome!
Hi. I have a question about "YearWorkedFilter" class in "YearsWorkedAttribute.cs" file. how Year property get value? in constructor, there is a [ Years = years; ] but how we get years at all?
at 13:33 you can see we pass the value in the constructor (therse no 'new' keyword), github.com/T0shik/rolesvsclaimsvspolicy/blob/master/Claims/PolicyHandlers/YearsWorkedHandler.cs here's the class you can see we set year to Year.
I was immediately hooked once I heard that intro track!
Very informative. Love the intro 😂
Thank you )
Brilliant! Well done, thanks!
Cheers!
SuperB! nice abstraction demonstration :)
Cheers
Hello, thanks for the tutorial.
I want to ask you : what's the difference between a claim and any other field in the user table (if we extends IdentityUser table) thank you.
Claim goes in the ClaimsPrincipal object, the others are just properties on the User object
I got it thanks, I should've finished the video before asking the question. Great content, thank you
Great video!
the grand entry was awesome :)
very awesome video... thanks man..!!
great tutorial, thank you!
Glad you enjoyed it))
Impressive!!!! thanks for the video
Glad you enjoyed it!
Hi man, In the new ASP.NET CORE
the parameter of the controller can seem to read the Json object from the body of POST REQUEST from postman or nightingale
Did you recently encounter this before ?
If the http method is POST and the body of the request contains text that happens to be json, the dotnet core [FromBody] attribute will try to model bind that json to your model. It doesn't matter where the request is coming from. This has been working since v1 I think.
@@RawCoding I fixed it, turn out I remove the object and just throw the attributes to it and it automatically work. I have struggle all day with it
Good job.
Hello great tutorial, but quick question IAuthorization filter to validate claim for controller, but does it validate TokenValidationParameters?
Don’t know
I gave my like in the first second of the video. Great intro
Hehe I tried ;)
I know this is an old video, but this one was one of the better once on the subject. Something clicked when you described policies as functions, which made me wonder about a scenario.
If you have a Blog site and want to limit the amount of blogs a user can create, would you use a claim with a policy to check if the max limit has been reached on CreateNewBlog action (get/post) ? OR would you do something simpler like checking the DB when the user is inside the CreateNewBlog action ?
Thank you, and you'd check the db no need to store it as claim. And in my auth series, (episode 3 or 4 I think) I explain how dotnet core provides resource based authorization.
@@RawCoding Amazing! I hope i can repay the time and effort you put into your educational content, just got to get that full stack job. thx again and have a wonderful weekend my man.
@@martink4975 thank you man, don't forget to wash your hands
thank you . if i create new role on runtime , how i can give this new role permission on specefic method at runtime.
It's a complicated thing to make, I can't explain in a comment.
@@RawCoding thank you ,do you know vedio explain this ?
@@mohammadkheder8994 No, it takes time and skill to properly implement what you are asking for.
Great explanation as well
Thank you :)
Intro sound effects are Hollywood level
hahaha :D
Thanks very much.
Thank you for watching
best start :)
Ta
Nice vídeo, Nice Channel. Alrewdy subscribed
Thank you! Don't forget to join the discord server!
IsAdmin claim vs Admin role… I still don’t have a clue what the pros and cons are and what situation each might be best used in…
Claims describe a user, Roles are just claims with an extra layer. So just use claims really
Intro sound great.
Hahha still cracks me up
Thank you very much. Can you also make a video on how to change the user claim after the user is logged in. Need a flexibility to refresh the claims of the user without asking him to log out and login again.
Use IClaimsTransformer
@@RawCoding Thanks for your suggestion. I tried the IClaimsTransformation earlier. The modified claims under TransformAsync works only for the current controller and doesn't work when redirecting to another controller. I'm using cookie authentication in .Net Core 3.1. Do I need to do anything additionally for IClaimsTransformation to work for subsequent requests to work with new claims.
Watch episode 3 or 4 of my auth series I explain how to use it there.
awesome!
cheers
best intro ever
Thumbs up for the intro
Haha :D
Can u tell me whats the password for the admin ?
Always password
love the them song:D
Hehe
Good video
Cheers
Nice intro bro!
haha thank you
Thanks
Thank you for watching
Where is the git repository?
Thank you for watching the video, link to the git repo is in the description
Good intro!
Hehe
Roles are required:
a) admin has access functions
b) not admin has no access to functions
Claim = Role + other business rules (complicated authorization)
a) admin + 5 years employee has access functions
Policy : use Claim to apply the authorization, which could make claim easy to be coded
Is this a good way to understand it? If authorization is complicated, role will be chosen and without policy?
I think you understand Roles correctly.
Claims are not specific to Authorization but rather they define a user, You can then take a step to use the user definition to apply authorization using policies.
Hope this helps.
intro gave me superpowers. and a slight headache =)
Hahaha well balanced
😘😘 your intro...
i hope ill find a video on third party accounts by you
Hey what do you mean third party accounts? You mean external authentication?
@@RawCoding yes OAuth facebook,twitter etc
@@sammygimnyigei yes I. Will be covering that including identity server.
@@RawCoding imm looking forward to it
God damn nice intro kkk
))
dope intro
Haha cheers
Could you please give me this code. I need it for a school project.
Did you check the description?
If you weren't scrolling like a maniac when showing the code, I would know what's in it.
lol, gotta go fast man! source code is available :)
A like for the intro 🤣🤣🤣🤣🤣
Eyyy
Please redo this presentation. I've only found your channel a few days ago and I've watched many of your presentations. Wow! You have one of the most well articulated and thought-out set of videos but this one got away from you. You are all over the place. Although I understood the content and it made sense, I personally have struggled with staying focused. It was as if you were uncertain, disconnected, or at best you were forced into doing this video and didn’t want to. It very much seamed like you were an amateur that you are most certainly not! I am a loyal fan now, but not of this particular production.
Good shout I’ll remake it, thank you.
video will be up next week.
Congratulate everyone who come across this video.
Thank you everyone for watching!
Like for first 10 seconds
Haha thanks =)
the video image is too poor, you need to fix it more
Fix more
Hi...just advice...i'm from asia..my english is not that good..so please talk slowly and using easy vocabulary on the next video...🙏🙏🙏
Apologies
The into hhhhhhhhhhhhhhhhhhh
I've learned a lot from you videos. Thanks.
But this one is you worst video sorry.
Oh yea it was made long time agon
Oh man I disliked because of the first seconds
You deal with nervous viewers because they have problems to solve. They need something clear, organized, and formal, not this low American behavior.
Nervous viewers? You come to this video when you have time to study not when it’s crunch time. And low American behaviour? Seriously? Sorry high and mighty Ahmed’s Tutorials.
it's not about me and whether i have time or not this is supposed to be technical video and its intro is not this is it
So this is to uphold the “technical ideology” standards for witch you’ve invented yourself. Not saying this video is done to a high standard but a lot of good educational content is fitted with silly jokes.
downvoted due to intro.
Sad you feel that way