Introduction To Permission Authorization In ASP.NET Core 7 | Permission Authorization - Part 1

What is the starting point of this project? I would love to do this gatherly app.

Hi Milan! Your videos are awesome I am here coming from the Clean Architecture course. And I wondered how you got a reference to get the permission attribute from the Infrastructure project in your controllers. I thought the presentation layer only references the Application layer?

Amazing series

Smahed that liked button 💪

Thank you 🎉🎉🎉

Fantastic video

Hello. I have a more complicated authorization problem. I need to implement resource-dependent authorization. For example, so that the user can access only those records to which he has access. Can you give me some advice ?

Milan, I've found that running the program after implementing these changes throws an exception. I initially thought it was something that I had done, but after loading the source code from Patreon, I'm getting the same error. I was wondering if you ran into the same issue and if you know the fix. The exception is: System.AggregateException: 'Some services are not able to be constructed (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Authorization.IAuthorizeData Lifetime: Scoped ImplementationType: Gatherly.Infrastructure.Authentication.HasPermissionAttribute': Unable to resolve service for type 'Gatherly.Infrastructure.Authentication.Permission' while attempting to activate 'Gatherly.Infrastructure.Authentication.HasPermissionAttribute'.)'

This is one of the series I've been waiting for the most. I enjoy and learn a lot with your content, thank you very much for sharing Milan.😃

Hmmm. You could say nameof(policy)

One important security tip when implementing permission scopes like this: the default behavior for any endpoint should be to deny all requests if no permission scopes are specified. If you don't implement it this way, you could easily forget to restrict an important endpoint and inadvertently introduce vulnerabilities.

Every your videos is very usefull @Milan

This is very useful, please keep going with this. I looking forward to seeing part 2

How the comment spam detection works in this channel !? 🤷‍♂
If you can check out your spam comments at least 😅😅🤦‍♂
I tried to suggest something 20 different ways but I failed.

@Milan I must be missing something. After saying that Roles and Policies have to be hardcoded you implement HasPermission as a subclass of the same attribute, Authorize, and then call the constructor of that attribute with your permission value as Policy. So in fact we are still using the Authorize attribute with the policy parameter. How is this improving things? Or are you going to implement something different than calling the base constructor in part 2 ?

Great stuff. I have one question and that is why you define the class as sealed in the controller and the HasPermission class either?

Great stuff, waiting for part 10 ;-)

Really excited about your future videos. Awesome work!

Great vid! Looking forward for next parts! The authorization is the basic part of every enterprise web application. Thanx! 🙂

Awesome video! Keep them coming

Using enum is really a great choice for this scenario, kindly waiting for the part 2, thanks for the efforts you put into this.

Great!

Keep coming homie!