[Archived] ASP.NET Core Identity is the membership system for building ASP.NET Core web applications, including membership, login, and user data. Project moved to https://github.com/aspnet/AspNetCore
Modern authorization requires far more granularity than simple roles or policies. It's possible to implement Activity-based authorization right now, but it requires to re-implement same logic over and over for each new project.
It would be great if there was support for IdentityRole type to have a collection of Activities of type TActivity. Moreover, for RoleManager to have the same methods for activities as there are for claims (AddClaimAsync, RemoveClaimAsync, etc.) would be a huge improvement.
Another aspect that the current authorization API lacks is the ability to decorate the controllers and action methods with an attribute like [ActivityAuthorize(Activity = "User_Create")].
Modern authorization requires far more granularity than simple roles or policies. It's possible to implement Activity-based authorization right now, but it requires to re-implement same logic over and over for each new project.
It would be great if there was support for
IdentityRole
type to have a collection of Activities of typeTActivity
. Moreover, forRoleManager
to have the same methods for activities as there are for claims (AddClaimAsync
,RemoveClaimAsync
, etc.) would be a huge improvement. Another aspect that the current authorization API lacks is the ability to decorate the controllers and action methods with an attribute like[ActivityAuthorize(Activity = "User_Create")]
.A see the activity-based authorization as it is described here: https://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/
I event have a little PoC that fits the current Identity Model: https://github.com/JustMeGaaRa/Identity/commit/11767973f6f0294e9f5cd632852be186bb98e911