All your videos are right on time 🤩 We use Microsoft Entra ID for authentication. However, we plan on building our own access control API and make use of claims transformations. We use Redis as cache.
Great video. I just have one question: if I need to access the database in the claims transformation process, where should I do it? In the implementation of IClaimsTransformation interface, or in the permission provider class?
interesting solution. the problem is that that this only works in a monolith. if you have 2 apis 1 .net and 1 python, then this logic will not work here. rather i think permissions should be part of the access token claims. in this way it won't matter what programming language I'm using, I'll be able to extract the permissions from the access token
Or they can both run the same logic and get the claims? In fact, you can cache the results in a distributed cache so the other API doesn't have to do any work
The setup process for using Minimal API in production is tiresome. It's either Controllers or FastEndpoints, one of the best libraries in the ecosystem right now. FastEnpoints is what minimal API’s should have been.
I would love to have middleware that can consume the first part of a url param to determine authorization… api/{departmentid}/{createorder}, now we have to determine authorization in endpoint itself.
great video, but in this case the normal user has the same permission than a user with a standard plan, he or she just need to be registered, even tough it was a great concept, you take the CreateScope and GetRequiredSerrvice from my comment?
Want to master Clean Architecture? Go here: bit.ly/3PupkOJ
Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt
All your videos are right on time 🤩
We use Microsoft Entra ID for authentication. However, we plan on building our own access control API and make use of claims transformations. We use Redis as cache.
I think this will be a great fit for your use case. Will you use Roles/Permissions, Policies?
@@MilanJovanovicTech Policy-based authorization with permissions.
Roles and Groups would be managed by our Access Control API.
Excellent video! I learned a lot from you today :)
Glad to hear it!
Inventory management with redis. I like you with it
Interesting for shopping carts also
Great content as always 💯
Appreciate that!
Great video. I just have one question: if I need to access the database in the claims transformation process, where should I do it? In the implementation of IClaimsTransformation interface, or in the permission provider class?
It's all the same. I'd put that in a service that I will resolve from the IClaimTransformation impl.
He stated at 6:28 that you could replace GetSubscription with an API or Database call.
interesting solution. the problem is that that this only works in a monolith.
if you have 2 apis 1 .net and 1 python, then this logic will not work here. rather i think permissions should be part of the access token claims. in this way it won't matter what programming language I'm using, I'll be able to extract the permissions from the access token
Or they can both run the same logic and get the claims? In fact, you can cache the results in a distributed cache so the other API doesn't have to do any work
Thanks Milan
Any time! :)
Sorry, but what should be stored in Infrastructure and Persistence?
Check here: th-cam.com/video/TQdLgzVk2T8/w-d-xo.html
@@MilanJovanovicTech There was nothing I needed
Really good video, except i dislike minimal api, but other than that great.
Thanks. Why do you not like Minimal APIs?
Its only about adapting to change😊
The setup process for using Minimal API in production is tiresome. It's either Controllers or FastEndpoints, one of the best libraries in the ecosystem right now. FastEnpoints is what minimal API’s should have been.
Thanks best video!
Glad you liked it!
Does this work well with dynamic claims? Let’s say a CreateOrder Claim but said user can only create them for his department
I think you'd need to have auth in the use case as well
I would love to have middleware that can consume the first part of a url param to determine authorization… api/{departmentid}/{createorder}, now we have to determine authorization in endpoint itself.
@@EvekoShadow That's resource-based authorization, which is a bit different.
How does this differ from ClaimsPrincipalFactory?
It's not an Identity concept
great video, but in this case the normal user has the same permission than a user with a standard plan, he or she just need to be registered, even tough it was a great concept, you take the CreateScope and GetRequiredSerrvice from my comment?
It's a dummy example... The plan would be fetched from a database, for example.
@@MilanJovanovicTech ok i got it, great video thank for sharing your knowledge with us, i really appreciate it
Good video
Glad you enjoyed!
我想知道 Infrastructure 和 Presentation 中应该存储哪些内容?
Check this out: th-cam.com/video/TQdLgzVk2T8/w-d-xo.html
@@MilanJovanovicTech Sorry, but what should be stored in Infrastructure and Persistence?
I want to know as much as you
One video at a time :)