From the course: ASP.NET: Security

Authorizing in the app


- [Man] I have already created the custom auth attribute class, and now we have to put it to good use. First of all, we have to go to our Startup class. And here, in the list of our scopes, we have to add the roles scope, because we would like to receive the roles. Remember, in our Scopes C# file we have created that scope here, and in our Clients C# file we have allowed that client to access all of the scopes. We can, of course, restrict a certain client to only get access to a select list of scopes. So basically, all we need to do is to add roles here, and then we have to go to our ShopController.

Remember that the shop controller is secured by an Authorize attribute. However, there are two pages, AdminOrders and AdminOrder, and they should only be available to the admin role. This can now be done pretty easily. We use our CustomAuth attribute we just created and set Roles to admin, because at least Adam has the admin role. And if you recall, Barbara doesn't. And so again, CustomAuth, Roles equals admin, and that's it. That's all we need to do, just by applying these attributes to those action methods.

Let's run this in the browser. We log in to the shop as Adam and with Adam's secret. And now we have this additional checkbox here, whether we would like to grant the application access to the roles. Yes, of course we want to. I say yes, I'll allow. We are redirected back to the application, and now, if we go to /AdminOrders, we have access to AdminOrders. However, if we launch the whole thing again and this time log in as Barbara, so barbara@example.com, Barbara, super secure password, we also get the question, okay, do we want to grant access to those roles. Barbara doesn't have any roles, but if she had, we would get access to them. I'd say yeah, sure. And then we are redirected back again, and if I now go to AdminOrders, then we get 403 Forbidden, because Barbara isn't allowed to access that page. And that's role handling and role management. Very, very easy with IdentityServer and ASP.NET MVC.
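The two pieces the transcript describes, the role-checking attribute and its use on the two admin actions, as an added C# example written for this page, not code from the course. It assumes ASP.NET MVC 5 and that the roles scope arrives as `role` claims on the signed-in principal (the claim type IdentityServer issues for that scope; treat it as an assumption and check your claim-type mapping). The names `CustomAuthAttribute`, `ShopController`, `AdminOrders` and `AdminOrder` follow the transcript; the action bodies are placeholders.

```csharp
// Added example, not the course's own code. Assumed names: CustomAuthAttribute,
// ShopController, and the "role" claim type carrying IdentityServer roles.
using System;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public class CustomAuthAttribute : AuthorizeAttribute
{
    // Roles requested via the "roles" scope are delivered as "role" claims.
    // Compare them against the comma-separated Roles list on the attribute.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var principal = httpContext.User as ClaimsPrincipal;
        if (principal == null || !principal.Identity.IsAuthenticated)
            return false;

        // No Roles specified: any authenticated user passes.
        if (string.IsNullOrWhiteSpace(Roles))
            return true;

        var required = Roles.Split(',')
                            .Select(r => r.Trim())
                            .Where(r => r.Length > 0);
        var granted = principal.FindAll("role").Select(c => c.Value); // assumed claim type

        // Exact (ordinal) match: "Admin" is not "admin".
        return required.Intersect(granted, StringComparer.Ordinal).Any();
    }

    // Distinguish "not logged in" (let the base class start the login flow)
    // from "logged in but lacks the role" (403 Forbidden, as Barbara sees).
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

[Authorize] // the whole controller already requires a signed-in user
public class ShopController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    [CustomAuth(Roles = "admin")] // Adam has the admin role, Barbara does not
    public ActionResult AdminOrders()
    {
        return View();
    }

    [CustomAuth(Roles = "admin")]
    public ActionResult AdminOrder(int id)
    {
        return View(id);
    }
}
```

Returning 403 from `HandleUnauthorizedRequest` only for authenticated users is the part worth checking: the base `AuthorizeAttribute` answers every failure with a 401 challenge, which for a user who is logged in but lacks the role produces a redirect loop back through the login page rather than the clean Forbidden the transcript shows.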