Any udpates on status of this?
Closed this issue · 2 comments
If I'm not mistaken this project isn't as feasible as it once was correct?
It seems these days that Claims would be the proper implementation of user-permissions , and Roles would be the Groups. You would have to use a custom Authorization attribute that combines Role and a Claim registration.
As seen here: http://benfoster.io/blog/asp-net-identity-role-claims albeit without the grouping for authorization.
Which would mean no additional database models are needed from the standard AspNet provided ones. Simply new superficial architecture in the code to relate User Claims to Roles.
Here's a more simplified overview of the topic:
https://leastprivilege.com/2015/10/12/the-state-of-security-in-asp-net-5-and-mvc-6-authorization/
Anyone out there still using this project as an original building block for their system?
I've already begun using this as it's probably the most complete example I've seen anywhere using relatively recent code design for the latest .net framework.
But I can't help but worry about this in the long run. Claims are the new hotness are they not?
Hi! Yes, it's an easy shortcut if you need it, but indeed, claims would definitely be the more robust solution. As I said long ago, this began life as something if a hack I needed.
Ah man thank you so much for the reply. I've been going through all the articles trying to find something that says "hey, this is what you need to do as of 2017". Really appreciate it!!
I think I'm going to try and retrofit this project to use Claims based auth, and drop some of the Group'ing approach. Your examples have really helped me a lot. I'll share my results if I can get it into something worthy of sharing!