blowdart
commented
5 years ago Identity is meant as a simple starting point. Extending roles to support something other than claims is beyond what this feature is aimed at.
Closed JustMeGaaRa closed 5 years ago
blowdart
commented
5 years ago Identity is meant as a simple starting point. Extending roles to support something other than claims is beyond what this feature is aimed at.
Modern authorization requires far more granularity than simple roles or policies. It's possible to implement Activity-based authorization right now, but it requires to re-implement same logic over and over for each new project.
It would be great if there was support for
IdentityRoletype to have a collection of Activities of typeTActivity. Moreover, forRoleManagerto have the same methods for activities as there are for claims (AddClaimAsync,RemoveClaimAsync, etc.) would be a huge improvement. Another aspect that the current authorization API lacks is the ability to decorate the controllers and action methods with an attribute like[ActivityAuthorize(Activity = "User_Create")].A see the activity-based authorization as it is described here: https://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/
I event have a little PoC that fits the current Identity Model: https://github.com/JustMeGaaRa/Identity/commit/11767973f6f0294e9f5cd632852be186bb98e911