AuthorizeAttribute with Groups for Group-Based Permissions

aspnet / Security

[Archived] Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore

Apache License 2.0

1.27k stars 600 forks source link

AuthorizeAttribute with Groups for Group-Based Permissions #262

Closed mojtabakaviani closed 9 years ago

mojtabakaviani commented 9 years ago

Next version of Asp.Net Identity will be Implementing 'Group Based' Permissions Management for large numbers of users please add groups named parameters to AuthorizeAttribute that easy authorize groups every where.

hishamco commented 9 years ago

@mojtabakaviani You asking for something like [Authorize(Roles = "Administrators")] this is already implemented, have a look https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs#L21

blowdart commented 9 years ago

Groups are an ease of administration concept.

Group = collection of users.

You authorize on permissions.

Roles = collection of permissions.

Groups are not suitable for authorization.

mojtabakaviani commented 9 years ago

Right, but if can add groups to Authorization mechanism so [Authorize(Groups = "Administrators")]

blowdart commented 9 years ago

It won't happen. Groups are not meant for, nor designed for authorization.

HaoK commented 9 years ago

@blowdart can we just close this since you won't fixed?

blowdart commented 9 years ago

Closed, by design.