Managing granular authorisation in .NET, with Ryan Rowston
Adelaide .NET User Group Podcast
English - August 09, 2023 09:00 - 20.3 MBTechnology Education How To net microsoft user groups adelaide australia programming software development Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
We have a challenge: Modern day administrators want to keep a tight rein on who can perform different actions in their systems. Join us and learn how we've evolved our authorisation patterns to grant highly granular permissions to different users, while maintaining developer-friendly patterns in code.
In this talk I'll explain how we've approached this challenge, including:
How we've encoded discreet permission levels as bits in a 64-bit integer using a .NET flags enum.
How we've used an extended Authorize attribute to allow for developer to add authorisation in one line to API controllers/endpoints.
How we've enabled dynamic policy generation to account for the potentially quintillions of unique permission combinations that this enables.
Links: