From the course: ASP.NET: Security

Authorizing against IdentityServer

- [Instructor] So far the only requirement for users to, well, access the shop now was that they were authenticated, but there was no authorization. We might, however, have sections on our websites that should only be available to certain roles or certain people. There are different approaches to how this can be achieved, but one way that is used quite frequently is as follows. First of all, we have to use an additional scope, roles, that is set up in our scopes C# class. Then, next up, for those users that have a certain role, we add a new claim, a claim that provides their role. So in that case, your user that gets this additional claim has the role Admin. That's something we can check later with the standard Authorize Attribute that ASP.NET provides. When we set up OpenID Connect, we have to add the new role scope here as well because this scope now is required. We would like to get the roles of the current user in the form of a claim; therefore, we need to add roles to the list of scopes…
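
The steps described in the transcript, as an added example that is not the course's own code. It assumes ASP.NET Core with IdentityServer4-style configuration; the two halves belong to separate projects (the IdentityServer host and the shop), and the authority URL, client id, sample user, and the class names `Config`, `ShopAuth` and `AdminController` are hypothetical.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// IdentityServer host: the extra "roles" scope and a user who carries a role claim.
public static class Config
{
    public static IEnumerable<IdentityResource> GetIdentityResources() => new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResource("roles", "User roles", new[] { "role" }), // scope -> claim type
    };

    public static List<TestUser> GetUsers() => new List<TestUser>
    {
        new TestUser { SubjectId = "1", Username = "alice", Password = "placeholder", // constructed user
                       Claims = { new Claim("role", "Admin") } },
    };
}

// Shop (client): request the scope and tell ASP.NET which claim type holds roles.
public static class ShopAuth
{
    public static void AddShopAuth(this IServiceCollection services) =>
        services.AddAuthentication(o => { o.DefaultScheme = "Cookies"; o.DefaultChallengeScheme = "oidc"; })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", o =>
            {
                o.Authority = "https://identity.example";        // placeholder
                o.ClientId = "shop";                             // placeholder
                o.ResponseType = "code";
                o.Scope.Add("roles");                            // not requested => no role claim issued
                o.GetClaimsFromUserInfoEndpoint = true;          // role arrives via the userinfo endpoint
                o.ClaimActions.MapJsonKey("role", "role");       // keep it when the cookie identity is built
                o.TokenValidationParameters.RoleClaimType = "role"; // what [Authorize(Roles)] checks
            });
}

[Authorize(Roles = "Admin")] // authenticated users without the Admin role are denied
public class AdminController : Controller
{
    public IActionResult Index() => View();
}
```

The client registration on the IdentityServer side must also list `roles` among its allowed scopes, otherwise the authorization request is rejected for asking for a scope the client is not permitted to use.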
