Attribute-Based Access Control Sample for a .Net Core API Application

#dotnet #authorization #authentication #permissions

GitHub Link: github.com/venbacodes/ABAC-Sample-for-API

This is a simple demo sample on implementing ABAC in a .Net Core API Application. This uses three main aspects of Attributes => ACCESS, SCOPE, and MODULE.

Key Points

Access, Scope, and Module attributes are used
It is possible to extend this sample to accommodate as many attributes as needed
No External libraries were used
Handled all the necessary authn and authz in the handlers itself.
Optional takeaway - added an additional path for restricting resources in PermissionsAuthHandler.cs#L60

To Explore

Clone and run the code
Generate a JWT token with email/sub and exp. Applicable emails can be found in TestUsers.cs
Add the generated JWT token in the swagger authorization menu and call the APIs

Top comments (0)

JWT, OAuth, OpenID Connect, and Azure AD: Authentication Levels

DotNet Full Stack Dev - Oct 21

C# Clean Code: Coding Conventions

mohamed Tayel - Oct 20

C# Tip: Raw String Literals with Interpolation

Juarez Júnior - Sep 16

Dica C#: Raw String Literals with Interpolation