Authorization depending on user organization .net core

211 views Asked by At

I have Organization, UserType, AspNetUser,Department, Stock and SIM tables as the following schema

when the user call the endpoint api/sims/1 and the user type for the user is not super admin and the organization of the user is not the same as the organization of the sim i want to return unauthorized so what is the best practice for doing this in asp.net core web api 3.1?

1

There are 1 answers

0
Zhi Lv On

You could try to use Claims-based authorization or JWT authorization in the asp.net core web API application.

After user login successfully, you could add claims for the current user based on his organization. Then, according to the claims to add policy and configure the authorization. You could refer the following links:

Claim Based And Policy-Based Authorization With ASP.NET Core

Claims-based authorization in ASP.NET Core

Besides, you could also use the claims to generate a JwtSecurityToken, then protect the API application by implementing JWT authentication. Check the following tutorial:

Authentication And Authorization In ASP.NET Core Web API With JSON Web Tokens

JWT Authentication In ASP.NET Core