mo-esmp / DynamicRoleBasedAuthorizationNETCore

Dynamic Role-Based Access Control for ASP.NET Core MVC and Web API
GNU General Public License v3.0
451 stars, 94 forks

Update to net 6 #27

Closed KAJOOSH closed 2 years ago

fasteddys commented 2 years ago

Hi, can it also support dynamic claims?

mo-esmp commented 2 years ago

Hi @fasteddys, can you explain more about the purpose of using dynamic claims and where it comes in handy?

fasteddys commented 2 years ago

Here is a nice example of an issue, but I also have confusion between policy and claim. So I thought you would be an expert :)

Policy & groups with claims

https://www.tektutorialshub.com/asp-net-core/claims-based-authorization-in-asp-net-core/ https://stackoverflow.com/questions/53127395/are-asp-net-core-claims-reliable-and-secure-from-tampering https://stackoverflow.com/questions/35231107/choose-between-asp-identity-claims-and-sessions-data

Claims allow you to secure granular information beyond roles, i.e. in groups across the geographical areas/financial hubs/data hubs within the same role.

For e.g. you can have a manager/analyst role, but managers could belong to 3rd party contractors, internal Finance, or another country. We want to make sure people in that area, like Managers with an EU claim, can access the finance information local to Dubai there.

Managers with Vendor claim are not allowed to some data etc.

mo-esmp commented 2 years ago

Sorry for the late reply @fasteddys. The policy is a way of authorizing users and claims are a way to identify the users, and with the help of claims we can implement our policies. Policies are more flexible in comparison with the Authorize attribute to implement custom authorization; however, the implementation of DynamicRoleBasedAuthorization is flexible enough to achieve the desired functionality without needing a custom implementation.

In a large organization, there are the same roles but in different departments and locations with different access. The next step for this library could be adding Department and then adding a role to the department.

Claims can help in the case of reducing database calls to check user access but it creates problems with being dynamic because when I remove a role or access from a user, I have to revoke the claim corresponding to the role. We can work on your idea to implement this functionality.
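As an added example (not the library's own code, and not part of this thread), here is the dynamic-check side of the trade-off described above: an ASP.NET Core authorization handler that re-reads the user's current access from a store on every request instead of trusting a role claim that was baked into the cookie at sign-in, so that removing a role does not require revoking a cached claim. `IRoleAccessStore` is a hypothetical interface standing in for whatever persistence the library uses.

```csharp
// Added example; IRoleAccessStore is hypothetical, not the library's API.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Describes a single protected operation, e.g. ("finance", "read").
public sealed class DynamicAccessRequirement : IAuthorizationRequirement
{
    public DynamicAccessRequirement(string area, string action)
    {
        Area = area;
        Action = action;
    }

    public string Area { get; }
    public string Action { get; }
}

// Hypothetical abstraction over the role/access tables.
public interface IRoleAccessStore
{
    Task<bool> UserHasAccessAsync(string userId, string area, string action);
}

public sealed class DynamicAccessHandler : AuthorizationHandler<DynamicAccessRequirement>
{
    private readonly IRoleAccessStore _store;

    public DynamicAccessHandler(IRoleAccessStore store) => _store = store;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, DynamicAccessRequirement requirement)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId is null) return; // unauthenticated: leave the requirement unmet

        // Stale-claim pitfall: a claim such as "access:finance" issued at sign-in
        // lives in the cookie until it expires, so context.User.HasClaim(...) would
        // keep granting access after the role is removed. Querying the store
        // reflects the current assignment at the cost of a database call.
        if (await _store.UserHasAccessAsync(userId, requirement.Area, requirement.Action))
            context.Succeed(requirement);
    }
}

// Registration in Program.cs (shown as comments):
// builder.Services.AddAuthorization(o => o.AddPolicy("FinanceRead",
//     p => p.AddRequirements(new DynamicAccessRequirement("finance", "read"))));
// builder.Services.AddScoped<IAuthorizationHandler, DynamicAccessHandler>();
```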

fasteddys commented 2 years ago

Hello @mo-esmp, Happy New Year, and thanks for that explanation, so we can map a role to a dept. Can we add hierarchical org/dept. and map those to our dynamic roles? I want to be able to separate outside managers/vendor managers from inside managers for some financial access (cost, purchase price etc.)


danijel88 commented 2 years ago

Hello, I had asked @mo-esmp something similar. What I did, if it can help you, I can refactor the code into a lib and share with you so we can contribute. What was my idea: to have many roles inside of an organization; that organization has many departments, but at the end a certain department can create new users and assign to them only specific role(s). Example: if we have the next roles: Admin, HR, Accounting Manager, Accounting Analytics, Accounting Member, Manager, CEO, etc... And new users can be created by Admin, HR, Accounting Manager and CEO, but they can only assign specific roles to the users. Example: nobody can assign Admin except Admin, but HR can assign everything else, and Accounting Manager can assign only roles related to Accounting, and CEO can assign Accounting Manager and HR.

In one of my private projects I managed to solve this situation; if you think this can help you I can refactor the code into a lib and share with you guys and we can work on improvements.

All the best

mo-esmp commented 2 years ago

Hey @danijel88, yes, I remember that #25 and it's open. If you share your code via a repository with us, that would be a great help and we can work on that. These days I'm really busy and without aid, it would take a long time to be implemented just by myself.

danijel88 commented 2 years ago

I would like to share the code with you. Since it is not a separate lib and it is part of another project, I need to refactor the code. Based on current availability I too will need a couple of days to manage this. I'll get back to you asap. About #25, we can close it, no problem at all.

mo-esmp commented 2 years ago

I prefer to close this one since its title is updating to .NET 6.0. I will create a new issue or continue on issue #25 when your repo is ready.

fasteddys commented 2 years ago

One more thing: in the UI for the roles, can we add icons too :) and

be able to export and import users & roles & claims configuration for backup in JSON or XML

mo-esmp commented 2 years ago

I have a plan to change UI and there is a repo for that.

fasteddys commented 2 years ago

That's awesome, looking forward to it.