Authorization (Part II)
Claims Based Authorization
When an identity is created it may be assigned one or more claims issued by a trusted
party. A claim is a name-value pair that describes what the subject is, not what the
subject can do. For example, you might have a driving license issued by a local driving
authority, and the license has your date of birth (DOB) on it. In this case the claim
name would be DOB, the claim value would be your date of birth, e.g. 8th June 1970, and
the issuer would be the driving license authority. Claims-based authorization, in simple
terms, checks the value of a claim and permits access to a resource based on that value.
For example, if you want access to a night club the authorization process might be:
The security officer at the door would evaluate the value of your date of birth claim and
whether they trust the issuer before granting you access.
An identity can contain multiple claims with multiple values and can contain multiple
claims of the same type.
Adding claims checks
Claims-based authorization checks are declarative. The developer embeds them in code,
against a controller or an action within a controller, specifying the claims which the
current user must possess and, optionally, the value the claim must hold to access the
requested resource. Claims requirements are policy based: the developer must build and
register a policy expressing the claims requirements.
The simplest type of claim policy looks for the presence of a claim and does not check
the value.
First, you need to build and register the policy. This takes place as part of the
Authorization service configuration, which normally happens in ConfigureServices() in
your Startup.cs file.
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddAuthorization(options =>
    {
        options.AddPolicy("EmployeeOnly", policy =>
            policy.RequireClaim("EmployeeNumber"));
    });
}
In this case the EmployeeOnly policy checks for the presence of an EmployeeNumber claim
on the current identity.
You then apply the policy using the Policy property on the AuthorizeAttribute attribute
to specify the policy name:
[Authorize(Policy = "EmployeeOnly")]
public IActionResult VacationBalance()
{
    return View();
}
The AuthorizeAttribute attribute can also be applied to an entire controller; in this
instance, only identities matching the policy will be allowed access to any action on the
controller.
[Authorize(Policy = "EmployeeOnly")]
public class VacationController : Controller
{
    // Covered by the controller-level EmployeeOnly policy.
    public ActionResult VacationBalance()
    {
        return View();
    }
}
If you have a controller that is protected by the AuthorizeAttribute attribute, but want
to allow anonymous access to particular actions, you apply the AllowAnonymousAttribute
attribute:
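[Authorize(Policy = "EmployeeOnly")]
public class VacationController : Controller
{
    // Covered by the controller-level EmployeeOnly policy.
    public ActionResult VacationBalance()
    {
        return View();
    }

    // Exempt from the controller-level policy: anyone can call this action.
    [AllowAnonymous]
    public ActionResult VacationPolicy()
    {
        return View();
    }
}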
Most claims come with a value. You can specify a list of allowed values when creating
the policy. The following example would only succeed for employees whose employee number
was 1, 2, 3, 4 or 5.
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddAuthorization(options =>
    {
        // The claim must be present AND hold one of the listed values.
        options.AddPolicy("Founders", policy =>
            policy.RequireClaim("EmployeeNumber", "1", "2", "3", "4", "5"));
    });
}
Multiple Policy Evaluation
If you apply multiple policies to a controller or action, then all policies must pass
before access is granted. For example:
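[Authorize(Policy = "EmployeeOnly")]
public class SalaryController : Controller
{
    // Requires EmployeeOnly (from the controller).
    public ActionResult Payslip()
    {
        return View();
    }

    // Requires EmployeeOnly (from the controller) and HumanResources.
    [Authorize(Policy = "HumanResources")]
    public ActionResult UpdateSalary()
    {
        return View();
    }
}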
In the above example, any identity that fulfills the EmployeeOnly policy can access the
Payslip action, as that policy is enforced on the controller. However, in order to call
the UpdateSalary action, the identity must satisfy both the EmployeeOnly and the
HumanResources policy.
If you need more complicated policies, e.g. taking a DOB claim, calculating an age from
it and then checking that the age is 21 or more, then you need to write custom policy
handlers.
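The custom policy handler described above, as an added example (not code from the original page): a requirement and handler that calculate an age from the DOB claim and, as in the night club analogy, accept the claim only when it comes from a trusted issuer. The names MinimumAgeRequirement, MinimumAgeHandler and Over21, the issuer URLs and the yyyy-MM-dd claim format are assumptions, and the identities are constructed for the demonstration.

```csharp
// Added example, not from the original page. Console harness; needs the
// Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages.
using System;
using System.Globalization;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// The requirement carries data only; the handler holds the logic.
public class MinimumAgeRequirement : IAuthorizationRequirement
{
    public MinimumAgeRequirement(int minimumAge) => MinimumAge = minimumAge;
    public int MinimumAge { get; }
}

public class MinimumAgeHandler : AuthorizationHandler<MinimumAgeRequirement>
{
    // Assumption: placeholder issuer name for the driving license authority.
    public const string TrustedIssuer = "https://licensing.example";

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MinimumAgeRequirement requirement)
    {
        // Accept the DOB claim only when it was issued by the trusted party.
        var dob = context.User.FindFirst(c =>
            c.Type == ClaimTypes.DateOfBirth && c.Issuer == TrustedIssuer);

        // Missing or malformed claim: return without Succeed, so access is denied.
        if (dob == null || !DateTime.TryParseExact(dob.Value, "yyyy-MM-dd",
                CultureInfo.InvariantCulture, DateTimeStyles.None, out DateTime born))
        {
            return Task.CompletedTask;
        }

        DateTime today = DateTime.Today;
        int age = today.Year - born.Year;
        if (born > today.AddYears(-age)) age--;   // birthday not yet reached this year

        if (age >= requirement.MinimumAge) context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

public static class Program
{
    // Constructed identity carrying a single DOB claim from the given issuer.
    static ClaimsPrincipal UserWithDob(string dob, string issuer) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.DateOfBirth, dob, ClaimValueTypes.Date, issuer) },
            "ConstructedAuth"));

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging();
        services.AddAuthorizationCore(options =>
            options.AddPolicy("Over21", policy =>
                policy.Requirements.Add(new MinimumAgeRequirement(21))));
        services.AddSingleton<IAuthorizationHandler, MinimumAgeHandler>();

        var authz = services.BuildServiceProvider()
            .GetRequiredService<IAuthorizationService>();

        string twentyYearsAgo = DateTime.Today.AddYears(-20)
            .ToString("yyyy-MM-dd", CultureInfo.InvariantCulture);
        var cases = new (string Label, ClaimsPrincipal User)[]
        {
            ("trusted issuer, born 1970-06-08",
                UserWithDob("1970-06-08", MinimumAgeHandler.TrustedIssuer)),
            ("trusted issuer, born 20 years ago",
                UserWithDob(twentyYearsAgo, MinimumAgeHandler.TrustedIssuer)),
            ("untrusted issuer, born 1970-06-08",
                UserWithDob("1970-06-08", "https://unknown-issuer.example")),
        };

        foreach (var (label, user) in cases)
        {
            AuthorizationResult result = await authz.AuthorizeAsync(user, "Over21");
            Console.WriteLine($"{label}: {(result.Succeeded ? "allowed" : "denied")}");
        }
    }
}
```

In the MVC application, the same AddPolicy call and handler registration go into ConfigureServices(), and the policy is applied with [Authorize(Policy = "Over21")].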
If you want to learn ASP.Net and improve yourself in .NET training, CRB Tech
Solutions would be of great help for you. Join us with our advanced program in
ASP.Net course.
Stay tuned to CRB Tech reviews for more technical and other resources.
