I have a .NET WebApi app that uses a custom built OAuth2 server. My API needs to have a level of social integration where certain users can see certain other user's data which brings up the concept of fine grained authorization and access control.
Example:
Each user has a profile and when 2 users become friends they are able to see each other's profile, or a user can request access to a certain part of another user's data. I basically need to check access on every request and inspect the requested action/resource and route values (like a specific userId or profileId).
I have looked at a lot of authorization practices (and am already using some basic claims, roles) and am wondering if there is a good framework already out there to accomplish this type of very fine grained and dynamic access control - mainly focused on social integration, or if there's a good point to start at as I am lost beyond the standard claims authorization in .NET. Thanks!
