Manage User Rights By Decorating Their Claims Identity

Claims based authorization in Dot Net is a hidden gem. But the reality is that you don’t really get a lot of useful claims from an external identity provider like Google or Microsoft. Google doesn’t know anything about your user or your security rights or your tenants. We manage security with roles and groups, not by individual user. So where’s that information going to come from? Hold on, keep listening, cause I’ve got a slick solution for you, and I think you’re going to like it. #security #csharp #aspnetcore Blog: https://betterwithcode.com/ LinkedIn: https://www.linkedin.com/in/jeff-zuerlein-2aa67b7/ 00:00 Intro 00:52 Describing The Solution 01:23 Configuring The Pipeline 01:44 Short Circuiting The Pipeline 02:04 What's The HTTP Context? 02:27 Tenants Example 02:57 Building The Middleware 04:06 ClaimsPrincipal vs ClaimsIdentity 05:15 Adding Policies 05:49 Demo Time 06:27 A Bit More Realistic 08:26 Why You Should Use It