Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Authorization in 3rd party service #2883


User avatar
0
antonis created

Hi,

My architecture consists of the aspnet core + Angular4 website (merged client and server into one website) and several microservices we wrote. As far I can see client and server (core) handle authorization very clean and neat. What I need is to be able to use authorization in the microservices as well. I.E create some permissions and grant them to several users. When this user attempts to call a microservice I need him to be authorised check against these permissions. Which is the best practise to achieve this?

Thanks


9 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Normally in a microservice architecture, it is better to seperate authorization functionality into a seperate microservice but in our template it will cost you more time than you gain from AspNet Zero.

    So it is better to use Host project's rest api's from your microservices for authorization I think.

  • User Avatar
    0
    antonis created

    Hi,

    Can you give more details please?

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    I assume that you will use AspNet Zero to develop those microservices too. There may be many combinations and alternatives based on your requirements and restrictions.

    Simplest implementation can be like that: You manage permissions in your main application. Then microservices asks permissions of users to the main app via an API. The extension point you can use is IPermissionChecker. You can implement this interface and replace. Thus, you can make HTTP request to query permissions from the main application. You may want to cache permissions for performance reasons.

    Have a nice day.

  • User Avatar
    0
    antonis created

    Due to the nature of my architecture I cannot make rest calls every time. So it is better to cache it as you suggested. My plan is the following:

    Once the microservice is up I do a rest call and get all permissions. Then I cache them and do local checks. How can I achieve that?

  • User Avatar
    0
    hikalkan created
    Support Team

    Sure, this was what I suggested.

    Have a nice day.

  • User Avatar
    0
    antonis created

    How can I get all permissions of all users. Is there any Rest endpoint that return these?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    There is no app service for this, you need to implement it by yourself.

  • User Avatar
    0
    antonis created

    Can you please tell me if there is any service that I can use to achieve retrieving the permissions from database for a user?

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    As you know, User edit dialog already gets all permissions for a user. You can take a look at the UserAppService for that. If you want a directly method name; You can use UserManager's GetGrantedPermissionsAsync method.