
Posts

Showing posts with the label Authorization

Custom authorization based on dotnet core policy with Attribute filter

Around 2.5 years back I wrote about custom authorization on MVC in "Custom authorization on class, action/function, code, area level under Asp.Net MVC application". A few approaches to authorization have changed in the Core version. For example, the Authorization filter approach is discouraged since it cannot be unit tested. I believe this is the right step, but global or basic authentication could still be driven by an Attribute, since that keeps the code simple by letting it focus on its primary objective rather than writing authorization checks everywhere. The whole approach and usage remain the same as in the original post; here we will just look at making it compatible with dotnet Core MVC. You would need to go through the earlier post to understand the approach that was taken for authorization of a user. You can also go through the official post, https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies, to understand the new approach. More of all we need to create...

Custom authorization on class, action/function, code, area level under Asp.Net MVC application

With the evolution of ASP.Net MVC, a lot of inbuilt features arrived and evolved over time. One of those is Authorization and Custom Authorization. The built-in functionality is sufficient to handle restricting anonymous users, restricting users by their name, and requiring specific roles, all with just a single class, AuthorizeAttribute. To implement it, we decorate any given class or action with the attribute as needed. Example: [Authorize] public ActionResult Test() { } By just providing the Authorize attribute, anonymous users are restricted. It has Roles and Users property parameters to restrict access to certain roles or users; each accepts multiple values as a comma-separated string. In one situation, I got the chance to build an authorization where roles keep changing. An administrator can add a new role, delete any role or modify an existing role. In that situation we cannot map roles in code. So, there were two way to achieve by creating group ...