
I have built a Web API with ASP.NET Identity and bearer token auth.

I understand that a role's outcome is true/false and a claim is a finer-grained statement about a user.

But a claim of type role is just something abstract, just a name like "ProjectManager", and it is written NOWHERE what permissions this claim of type role has. I have not seen any sample doing this, but before claims existed, in 2010, I did an application with Roles N ---- M Permissions.

and the Permissions were a

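[Flags]
enum Permissions
{
   // Each flag needs its own bit; a member with value 0 cannot be tested as a flag.
   None = 0,
   CanWriteX = 1 << 0,
   HasTopicAccess = 1 << 1,
   //....
}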

Where can I see this old approach with role claims?

Elisabeth
  • The old approach (the only oob I know with roles): IsInRole() still works. There is no definition/specification of Role to permission mapping. It is up to the application. – paullem Sep 14 '15 at 10:27
  • Up to the application? Why do all sample apps that float around with ASP.NET MVC/Web API just show a Role attribute authz? – Elisabeth Sep 16 '15 at 18:57
  • This is a new question.... Take a look at the many articles by Dominick Baier; he explains how you can do more than attribute. To get complete RBAC (which is much more than just group membership of .IsInRole) you need to add your own code. – paullem Sep 18 '15 at 20:10
  • You have a concrete link in mind? Dominick has many links on his blog ;-) – Elisabeth Sep 19 '15 at 05:56
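
An added example, not part of the original thread: one way an application can keep the role-to-permission mapping itself and evaluate it against the role claims of a ClaimsPrincipal. The RolePermissions class, the "Reader" and "Intern" roles and the table contents are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

[Flags]
public enum Permissions { None = 0, CanWriteX = 1 << 0, HasTopicAccess = 1 << 1 }

public static class RolePermissions
{
    // Application-defined table (hypothetical contents). Neither the bearer
    // token nor ASP.NET Identity carries this mapping; the role claim is only a name.
    private static readonly Dictionary<string, Permissions> Map =
        new Dictionary<string, Permissions>(StringComparer.Ordinal)
        {
            { "ProjectManager", Permissions.CanWriteX | Permissions.HasTopicAccess },
            { "Reader",         Permissions.HasTopicAccess }
        };

    // Union of the permissions of every role claim; unknown roles grant nothing.
    public static Permissions For(ClaimsPrincipal user)
    {
        var granted = Permissions.None;
        foreach (var claim in user.FindAll(ClaimTypes.Role))
        {
            Permissions p;
            if (Map.TryGetValue(claim.Value, out p)) granted |= p;
        }
        return granted;
    }

    // Deny by default: unauthenticated callers and an empty requirement never pass.
    public static bool Has(ClaimsPrincipal user, Permissions required)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated) return false;
        return required != Permissions.None && (For(user) & required) == required;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed identity standing in for a validated bearer token.
        var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Role, "Reader"),
            new Claim(ClaimTypes.Role, "Intern") // not in the table, grants nothing
        }, "Bearer"));
        Console.WriteLine(RolePermissions.For(user));
        Console.WriteLine(RolePermissions.Has(user, Permissions.CanWriteX));
    }
}
```

In Web API the same Has check can be called from the IsAuthorized override of a custom AuthorizeAttribute, so controllers declare the permission they need instead of a role name.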

0 Answers