Solution Review: Enforcing Role-Based Authorization

Explore how to enforce role-based authorization in ASP.NET Core by applying Authorize and AllowAnonymous attributes within controllers. Understand configuring roles for endpoints and using JWT claims to protect sensitive actions, ensuring secure access control in your applications.

We'll cover the following...

Overview
Solving the challenge
- The ContentController controller class
- The ManagementController controller class

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace DemoApp.Controllers;

[Authorize(Roles = "admin")]
[Route("api/[controller]")]
[ApiController]
public class ManagementController : ControllerBase
{
    [HttpGet()]
    public IActionResult GetManagementConsole()
    {
        return Ok("Management console opened.");
    }

    [AllowAnonymous]
    [HttpGet("health")]
    public IActionResult GetApplicationHealth()
    {
        return Ok("Application is running.");
    }

    [HttpPost()]
    public IActionResult UpdateSettings()
    {
        return Ok("Settings updated.");
    }

    [HttpGet("users/{userId}")]
    public IActionResult GetUserDetails(int userId)
    {
        return Ok($"Details retrieved for user {userId}.");
    }

    [Authorize("superadmin")]
    [HttpDelete("users/{userId}")]
    public IActionResult DeleteUser(int userId)
    {
        return Ok($"User {userId} deleted.");
    }
}

Complete solution

1.Introduction to Single Sign-On (SSO)

2.JWT and Authorization Middleware

3.Enabling SSO in MVC Apps

4.Enabling SSO in Razor Pages

5.Enabling SSO in Web API

6.Enabling SSO in Blazor

7.Enabling SSO in gRPC

8.Enabling SSO in SignalR

9.Wrapping Up

10.Appendix

Solution Review: Enforcing Role-Based Authorization

Overview

Solving the challenge

The `ContentController` controller class

Solution Review: Enforcing Role-Based Authorization

Overview

Solving the challenge

The ContentController controller class

The `ContentController` controller class