Comments (3)
Hi @mikecann - the identity created here is encoded into the JWT token which will be returned to the user, in effect it encapsulates all of the details of that user that you'll need to use to assess whether that user is authorised to perform an action when they make future calls to the API and present that JWT token as the authorisation header.
If you take a look in the Startup.cs, you can see that we're simply requiring that a user has a valid token in this example, however you can build up arbitrarily complex authorisation rules using the claims data you include in this identity. So for example, you could have a "Company" claim with a value of the company a user is an employee of, say "Monkey Company Plc". You could then create a policy to check if the user attempted to access an API end point to retrieve details about a company, that they were an employee of the company in question.
What Claims you create, and what meanings you ascribe to them, are completely up to your application's needs. As to whether you can derive them from the UserManager / SignInManager, I'm not sure - I've not used ASP.Net Core Identity, but looking at the code for the UserManager in ASP.Net Core it looks like it has all sorts of stuff to do with Claims going on there, so it seems like it should be able to directly support the management of the claims and generating relevant claims identity objects to be inserted into your tokens here.
from aspnetselfcreatedtokenauthexample.
Hi @mrsheepuk,
Thanks for that detailed info! Really helpful.
I was wondering, you add [Authorize("Bearer")] to methods you want protected. Its not a big issue but setting [Authorize] doesnt seem to work. Is there a way to make it generic?
Cheers,
Mike
from aspnetselfcreatedtokenauthexample.
@mikecann There almost certainly is, yes - take a look at the line in the startup.cs:
services.AddAuthorization(auth =>
{
auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build());
});
Changing this to something like:
services.AddAuthorization(auth =>
{
auth.DefaultPolicy = new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build();
});
... Should fix it (I haven't tested this, mind).
from aspnetselfcreatedtokenauthexample.
Related Issues (14)
- Sliding expiration for token HOT 2
- Add "refresh token" functionality to retrieve new tokens HOT 2
- Is RSAParametersWithPrivate really required? HOT 6
- Authorize Roles HOT 2
- HMAC-SHA signing with secret HOT 1
- No SecurityTokenValidator available for token HOT 3
- Add a comment regarding middleware ordering HOT 2
- Running on CoreCLR on Linux HOT 2
- TokenController HOT 2
- User.GetUserId() doesn't work while using token authentication HOT 8
- Can't run HOT 1
- netcoreapp 1.0 HOT 2
- Update to core 1.1 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aspnetselfcreatedtokenauthexample.