Hi,
My architecture consists of the aspnet core + Angular4 website (merged client and server into one website) and several microservices we wrote. As far I can see client and server (core) handle authorization very clean and neat. What I need is to be able to use authorization in the microservices as well. I.E create some permissions and grant them to several users. When this user attempts to call a microservice I need him to be authorised check against these permissions. Which is the best practise to achieve this?
Thanks
9 Answer(s)
-
0
Hi,
Normally in a microservice architecture, it is better to seperate authorization functionality into a seperate microservice but in our template it will cost you more time than you gain from AspNet Zero.
So it is better to use Host project's rest api's from your microservices for authorization I think.
-
0
Hi,
Can you give more details please?
-
0
Hi,
I assume that you will use AspNet Zero to develop those microservices too. There may be many combinations and alternatives based on your requirements and restrictions.
Simplest implementation can be like that: You manage permissions in your main application. Then microservices asks permissions of users to the main app via an API. The extension point you can use is IPermissionChecker. You can implement this interface and replace. Thus, you can make HTTP request to query permissions from the main application. You may want to cache permissions for performance reasons.
Have a nice day.
-
0
Due to the nature of my architecture I cannot make rest calls every time. So it is better to cache it as you suggested. My plan is the following:
Once the microservice is up I do a rest call and get all permissions. Then I cache them and do local checks. How can I achieve that?
-
0
Sure, this was what I suggested.
Have a nice day.
-
0
How can I get all permissions of all users. Is there any Rest endpoint that return these?
-
0
Hi,
There is no app service for this, you need to implement it by yourself.
-
0
Can you please tell me if there is any service that I can use to achieve retrieving the permissions from database for a user?
-
0
Hi,
As you know, User edit dialog already gets all permissions for a user. You can take a look at the UserAppService for that. If you want a directly method name; You can use UserManager's GetGrantedPermissionsAsync method.
