Authentication and authorization

[DotNetDublin]

One we decide between Blazor Client Side and Server Side #1 we will need to review appropriate approaches to authentication and authorization

https://docs.microsoft.com/en-us/aspnet/core/blazor/security/?view=aspnetcore-5.0

The below sections of the Project Scenario need to be taken into consideration

• Each Lawyer should only be able to submit time against a Client belonging to their regional office
• Each Manager should only be able to view Lawyers belonging to their regional office
• Each Manager should only be able to run reports against Lawyers and Clients belonging to their regional office
• A user level above Manager is required which will allow executives to run reports across all regional offices
• All users should be able to reset their password without the assistance of the IT department
• The application should have an administration area where System Administrators can manage Users and Clients and any appropriate configuration settings.
• The company has an automated process when a Lawyer joins or leaves the company which will either grant or revoke access to the companies applications. Therefore he has requested we supply him with an API to add and remove application users
• Best practices in relation to security should be employed by application

The below from issue #3 should also be noted

George would like a solution that provides a degree of separation from user management and authentication and the TimeKeeper application. George can foresee a scenario where they would add a new user and then select which applications they should have access whether it be TimeKeeper, FileKeeper or any other application we develop for them.

[DotNetDublin]

My experience to date has been restricted to Identity however I'd be interested in exploring Azure Active Directory B2C