Role based authorization in claim-based system

https://stackoverflow.com/questions/22601883

architecture
asp.net-mvc
asp.net-authorization
asp.net-identity

19-06-2023
|

Question

I am building a brand new ASP.NET MVC application with ASPNET identity. I am thinking whether to use or a hybrid of role-based and claim-based together.

The reason for hybrid is: Use role to control wider level access (Define Groups, e.g. New Your User Group, Sydney User Group), and claim-based to control more sophisticated level of access ,e.g. controller, developer, tester).

So if I want control at the level of Sydney User Group and developer only, I can use both role and claims together.

Does this sound right, or should I just use purely claim based authorization?

La solution

Claims are key/value pairs. For example: Claim type "Email", claim value "brockallen@gmail.com".

Roles are just claims: Claim type "Role", value "Sydney".

Licencié sous: CC-BY-SA avec attribution

Non affilié à StackOverflow