This year at NDC Melbourne I presented Developing Flexible Authorisation Capabilities with ASP.NET Core.
ASP.NET Core Identity supports the essentials for authentication and authorisation across many application types such as web, API, and mobile. With Identity, authorisation is a breeze! Developers can implement authorisation checks using numerous methods including roles, claims, and policies. However, this approach is not without limitations.
For example, updating authorisation requirements will require code changes, along with the time taken to test and deploy these changes. Checking user or role permissions is also tricky: you'll need to review the code or documentation, and hope the documentation is still up to date! As systems grow, authorisation requirements will grow, and these limitations can slow new development and decrease maintainability.
In the talk, I demonstrate an approach using permission-based authorisation to overcome these limitations and improve the flexibility and visibility of access control across your system.
I hope you enjoy the talk. Please feel free to post any questions or comments below.