Closed bugproof closed 5 years ago
I think Roles is an older design pattern and Claims/permissions have won that area but I'm open to be persuaded otherwise 😄
I think Roles is an older design pattern and Claims/permissions have won that area
Can you elaborate more?
On Thu, 18 Oct 2018 at 12:03, Sigvaard notifications@github.com wrote:
I think Roles is an older design pattern and Claims/permissions have won that area
Can you elaborate more?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/CarterCommunity/Carter/issues/130#issuecomment-430967169, or mute the thread https://github.com/notifications/unsubscribe-auth/AAGapm0i_Vjk7Tk2uP5ivQ2XqVUqjt1Cks5umF_pgaJpZM4XtCFO .
It would be easier for people who would like to port to Carter from MVC if they use [Authorize(Roles="role1,role2")]
there.
Also, I don't know if it adds any dependency to Carter but there's policy-based authorization in ASP.NET Core. So if it doesn't add any dependency it would be nice to have RequiresPolicy
method too.
And how can you apply authorization requirement per route/action? Is this possible in Carter?
Personally I feel if they still use Roles they need to update and use Claims. For example Nancy used to do Roles but we moved to Claims.
A user can always write an extension just like RequiresClaims is in their own codebase if needs be or a separate nuget extension package if they want.
I think there is an issue for auth per route still open, think it proved to be tricky if i remember correctly :)
On Fri, 19 Oct 2018 at 08:30, Sigvaard notifications@github.com wrote:
It would be easier for people who would like to port to Carter from MVC if they use [Authorize(Roles="role1,role2")] there.
Also, I don't know if it adds any dependency to Carter but there's policy-based authorization in ASP.NET Core. So if it doesn't add any dependency it would be nice to have RequiresPolicy method too.
And how can you apply authorization requirement per route/action? Is this possible in Carter?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/CarterCommunity/Carter/issues/130#issuecomment-431271505, or mute the thread https://github.com/notifications/unsubscribe-auth/AAGapgUnSWbrPN-DCxI-t3qq8qk3HQcHks5umX-wgaJpZM4XtCFO .
I see. Those methods are trivial to implement anyway.
Basically addition to what already exists: https://github.com/CarterCommunity/Carter/blob/5a67b19232c2b645da1dc9d42aecdaeacf1aef56/src/CarterModuleSecurity.cs#L35