From the course: ASP.NET Core Identity: Authorization Management
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Using imperative authorization - ASP.NET Core Tutorial
From the course: ASP.NET Core Identity: Authorization Management
Using imperative authorization
- [Instructor] So far when authorizing users, we have user the Authorize attribute and the Authorize attribute is used for declarative authorization, which means that you do not have access to any resources in the app without first checking if the user is authorized or not and this is a great way to check the user's authorization but of course it is not the best solution for all cases. Sometimes, you might need to get the resource and then check if the user has access to the resource or not. Imagine we want to do that in our school application. I'll say teachers write daily reports and then they save them all at the same place, but with an Author attribute attached to it. So now if a teacher wants to edit a report, it makes more sense to get a report and check if the user has access to it, rather than loading all the reports that the user has access to. Other than that, a report might have more than one author which complicates the situation even more. So in this case, it would be…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.