C
C#

Authorization in microservices arch

Authorization in microservices arch

EELENA
View on Discord
11/19/2023
Hello everyone, I'm quite new to the NET microservices arhitecture and right now I'm implementing a. Net app for learning management and it consists in several microservices and an API gateway - Ocelot . So the authentication is handled in the gateway (bearer token) And for the authorization part I have some concerns: i have a dedicated microservice which holds the users roles permissions and scopes and I was thinking that in the gateway to have a middleware and on each request to fetch the user permissions and scopes and add them in the request header. Then on microservice layer on each controller endpoint i use a dedicated typefilteredattr in which i pass a list of strings and optionally an operator that could be or / and . And in the custom filter in onauthorization method i extract the users permissions and apply the validation logic taking into account the required permissions and the operator that are passed throught the custom attribute. For the gateway i could also implement caching for the user permissions. Could be this a reliable solution . Maybe it s not a good ideea to pass the permissions and scopes in the request header because it could exceed the size limit and i assume that if only the gateway is exposed public there is no risk . What other alternatives do you see or use? Thanks.
MMMayor McCheese
View on Discord
11/20/2023
Caching user permissions is dicey and should be driven by the domain/vertical. Compliance guidance will determine that, example: access to medical records would be immediately revocable. Here is a good overview of authorization handler in asp.net core https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-8.0 The docs call out all authhandlers are AND so if you need OR you're in some customer work land; I'd consider an attribute that the an author handler would consume, but mixing and/or can have undesirable results.

Looking for more? Join the community!

C
C#

Authorization in microservices arch

Join Server
Want results from more Discord servers?
Add your server
Recommended Posts
✅ I can't get my runButton button to work on a windows form app```cs if (e.KeyCode == Keys.Enter || (e.Modifiers == Keys.None && sender == runButton)) ``` I can sGit and Google Drivenew git user.. it seems to have your local repositories in a google drive controlled file structure ASP.NET CRUD MODALI created a MVC controller with actions (CRUD) and I would like to know, how to modify this pre geneError✅ using from another csprojCurrently i have 2 projects, an api app and a worker service app And both use the same models. Is thJavascript not working on my MVC projectI'm learning front end tutorials at the moment so I'm totally new to designing websites. _Layout.cs