Adelaide .NET User Group Podcast artwork

Managing granular authorisation in .NET, with Ryan Rowston

Adelaide .NET User Group Podcast

English - August 09, 2023 09:00 - 20.3 MB
Technology Education How To net microsoft user groups adelaide australia programming software development Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: ChatGPT Client with Blazor, GraphQL, .NET and Azure OpenAI Service, with John Merchant
Next Episode: Revolutionizing Online Retail with Blazor, with James Chapman-Smith and Donald Urquhart

We have a challenge: Modern day administrators want to keep a tight rein on who can perform different actions in their systems. Join us and learn how we've evolved our authorisation patterns to grant highly granular permissions to different users, while maintaining developer-friendly patterns in code.


In this talk I'll explain how we've approached this challenge, including:

How we've encoded discreet permission levels as bits in a 64-bit integer using a .NET flags enum.
How we've used an extended Authorize attribute to allow for developer to add authorisation in one line to API controllers/endpoints.
How we've enabled dynamic policy generation to account for the potentially quintillions of unique permission combinations that this enables.

Links:

Ryan on LinkedIn