Developing Flexible Authorisation Capabilities in ASP.NET Core

Developing Flexible Authorisation Capabilities in ASP.NET Core

ASP.NET Core Identity supports the essentials for authentication and authorisation across many application types such as web, API, and mobile. With Identity, authorisation is a breeze! Developers can implement authorisation checks using numerous methods including roles, claims, and policies. However, this approach is not without limitations.

For larger and more complex systems, you may quickly find yourself stuck in the depths of 'Permissions Hell'. For example, updating authorisation requirements will require code changes, along with the time taken to test and deploy these changes. Checking user or role permissions is also tricky, you'll need to review the code or documentation - and hope the documentation is still up to date! As systems grow, authorisation requirements will grow, and these limitations can slow new development and decrease maintainability.

In this talk, Jason Taylor will demonstrate an approach using permission-based authorisation to overcome these limitations by building a flexible approach to managing roles and permissions from within your system. This will improve the maintainability and visibility of access control across your system. Putting the power into the hands of application users and administrators, rather than developers.