Authentication And Authorization (Part 3)

By Ashwin Venugopal -

 





Adding Authorization

We can determine if a user is authenticated, but we also need to know if they have the rights to use a specific feature. This is the essence of authorization. Fortunately, the available built-in functions accommodate this, even if we need to implement some code to achieve it. The server side contains all the tables required to assign roles to our users, but there are currently no user interfaces accessible for this purpose.

Adding Roles From The Server

Execute the following steps to add roles from the server:

  • In the MyBlogWebAssembly.Server project, open the Startup.cs file.

  • In the ConfigureServices method, add options to .AddApiAuthorization and remove the default claim mapping.

  • Add roles to Services.AddDefaultIdentity.

  • Add the namespace-

using Microsoft.AspNetCore.Identity;

using System.IdentityModel.Tokens.Jwt;

The server will now send the roles over to the client, but the client won't be listening.

Adding Roles To The Client

For the client to pick up the roles, we need to parse them from the access token:

  • Right-click in the MyBlogWebAssembly.Client project, then click Add | New folder. Name the folder Authentication.

  • Right-click on the Authentication folder and select Add | Class, then name the class RoleAccountClaimsPrincipalFactory.cs.

  • Replace the content of the file with the code from GitHub here-                              

https://github.com/PacktPublishing/Web-Development-with-Blazor/ blob/master/Chapter08/MyBlog/MyBlogWebAssembly/Client/ Authentication/RoleAccountClaimsPrincipalFactory.cs.

  • Now we need to add that to the dependency injection pipeline. Open program.cs and replace builder.Services.AddApiAuthorization(); with the following-builder.Services.AddApiAuthorization() .AddAccountClaimsPrincipalFactory>();

  • Add this to the namespace- using MyBlogWebAssembly.Client.Authentication;

Adding A Role To The Database

To add data to our database, we can use a tool called DB Browser for SQLite:

  • Download DB Browser for SQLite from https://sqlitebrowser.org/.

  • Open MyBlog.db in DB Browser; there should be 15 tables there.

  • Click the Browse data tab and select the AspNetRoles table.

  • Now create a role. You can call it Administrator.

  • Change table to AspNetUsers and copy the ID of your user (a GUID).

  • Change table to AspNetUserRoles and click on the Insert new row into the current table button (a document with a small +), then paste in the ID of the user and the ID of the role.

Now, we have authentication and authorization working.

Conclusion

We learnt how to add authentication to our existing site.




























Comments

Post a Comment

Popular posts from this blog

Information Protection Scanner: Resolve Issues with Information Protection Scanner Deployment

By Ashwin Venugopal -
Image
  About If you are experiencing problems with the Microsoft Purview Information Protection scanner, check the health of your deployment by utilizing the Start-ScannerDiagnosticsPowerShell cmdlet to start the scanner diagnostic tool. The diagnostics tool checks the following details and then creates a log files with the results: Whether the database is up to date. Whether network URLs are accessible. Whether there's a valid authentication token and policy can be acquired. Whether the profile is defined in the Azure portal. Whether offline/online configuration exists and can be acquired. Whether the rules configured are valid.  The Start-ScannerDiagnostics command does not perform a comprehensive check of prerequisites. If you encounter problems with the scanner, you need to verify that your system meets the scanner's requirements, and that your scanner's configuration and installation are finished.  Verify Scanning Details Per Scanner Node and Repository Run the Get-ScanSt...
Read more

How AMI Store & Restore Works?

By Ashwin Venugopal -
Image
  CreateStoreImageTask The CreateStoreImageTask API stores an AMI as a single object in an S3 bucket. The API initiates a task that collects all the data from the AMI and its associated snapshots, subsequently using an S3 multipart upload to store this data in an S3 object. It gathers all elements of the AMI, including most of the non-Region-specific metadata and all EBS snapshots included in the AMI, and consolidates them into a single object in S3. During the upload process, the data is compressed to minimize the space utilized in S3, which means that the S3 object could be smaller than the total sizes of the snapshots in the AMI. If the account making this API call has access to AMI and snapshot tags, they will be retained. The S3 object shares the same ID as the AMI, except it has a .bin extension. Additionally, the S3 metadata tags for the object include the AMI name, AMI description, AMI registration date, AMI owner account, and a timestamp indicating when the store operation...
Read more

Create A Store Image Task

By Ashwin Venugopal -
Image
  Introduction When you save an AMI in an S3 bucket, a task for storing the image is initiated. This store image task allows you to track the progress and result of the procedure. Securing your AMIs It is crucial to verify that the S3 bucket is set up with adequate security to protect the content of the AMI and that this security is upheld for the entire duration that the AMI objects are stored in the bucket. If this cannot be achieved, it is advisable to refrain from using these APIs. Make sure that public access to the S3 bucket is prohibited. It is suggested to activate Server-side encryption for the S3 buckets where you keep the AMIs, even though it’s not mandatory. When AMI snapshots are transferred to the S3 object, they are sent over TLS connections. It is possible to save AMIs that contain encrypted snapshots; however, the snapshots will be decrypted during the storing process. Identify the source AMI used to create a new Amazon EC2 AMI You can determine the AMI that was us...
Read more