Mastering Minimal APIs in ASP.NET Core

You're reading from Mastering Minimal APIs in ASP.NET Core: Build, test, and prototype web APIs quickly using .NET and C#

Product type Paperback
Published in Oct 2022
Publisher Packt
ISBN-13 9781803237824
Length 240 pages
Edition 1st Edition
Authors (3): Marco Minerva, Emanuele Bartolesi, Andrea Tosato
Table of Contents (16 chapters)

Preface
1. Part 1: Introduction
2. Chapter 1: Introduction to Minimal APIs
3. Chapter 2: Exploring Minimal APIs and Their Advantages
4. Chapter 3: Working with Minimal APIs
5. Part 2: What’s New in .NET 6?
6. Chapter 4: Dependency Injection in a Minimal API Project
7. Chapter 5: Using Logging to Identify Errors
8. Chapter 6: Exploring Validation and Mapping
9. Chapter 7: Integration with the Data Access Layer
10. Part 3: Advanced Development and Microservices Concepts
11. Chapter 8: Adding Authentication and Authorization
12. Chapter 9: Leveraging Globalization and Localization
13. Chapter 10: Evaluating and Benchmarking the Performance of Minimal APIs
14. Index
15. Other Books You May Enjoy

Handling authorization – roles and policies

Authorization comes right after authentication: it is the step that grants an authenticated user permission to do something. Minimal APIs provide the same authorization features as controller-based projects, based on the concepts of roles and policies.

When an identity is created, it may belong to one or more roles. For example, one user can belong to the Administrator role, while another can be part of two roles: User and Stakeholder. Typically, each user can perform only the operations that are allowed by their roles. Roles are just claims that are inserted in the JWT bearer token upon authentication. As we’ll see in a moment, ASP.NET Core provides built-in support to verify whether a user belongs to a role.
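The role mechanism described above, as an added example that is not code from the book: a .NET 6 minimal API that writes roles into a JWT as claims and restricts endpoints by role. It assumes a web project with implicit usings and the Microsoft.AspNetCore.Authentication.JwtBearer package; the `Jwt:SigningKey` configuration key, the issuer and audience values, the user name and the endpoint paths are all constructed for illustration.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Assumption: signing key (32+ bytes) comes from configuration, never from source code.
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:SigningKey"]!));
const string Issuer = "https://issuer.example", Audience = "minimal-api-sample"; // constructed values

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = Issuer, ValidAudience = Audience, IssuerSigningKey = key,
        ValidateIssuer = true, ValidateAudience = true,
        ValidateIssuerSigningKey = true, ValidateLifetime = true
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Roles travel as claims: one role claim per role the identity belongs to.
string IssueToken(string user, params string[] roles)
{
    var claims = new List<Claim> { new(ClaimTypes.Name, user) };
    claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
    var jwt = new JwtSecurityToken(Issuer, Audience, claims,
        expires: DateTime.UtcNow.AddMinutes(15),
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
    return new JwtSecurityTokenHandler().WriteToken(jwt);
}

// Stand-in for a real login that verifies credentials first; development only.
if (app.Environment.IsDevelopment())
    app.MapGet("/dev-token", () => IssueToken("alice", "User", "Stakeholder"));

// Any authenticated user: shows the role claims read back from the token.
app.MapGet("/me", (ClaimsPrincipal user) =>
    user.FindAll(ClaimTypes.Role).Select(c => c.Value)).RequireAuthorization();

// Administrator only; other authenticated users get 403, anonymous callers 401.
app.MapGet("/admin", [Authorize(Roles = "Administrator")] () => "admin area");

// Comma-separated roles mean "any of": User OR Stakeholder.
app.MapGet("/reports", [Authorize(Roles = "User,Stakeholder")] () => "reports");

app.Run();
```

A token issued for the User and Stakeholder roles reaches `/me` and `/reports` but is rejected by `/admin` with 403, because the role check runs against the claims carried in the validated token.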

While role-based authorization covers many scenarios, there are cases in which this kind of security isn’t enough because we need to apply more specific rules to check whether the user has the right to perform...
