Summary of my problem
My project is more complex but here is my problem at very basic level. I have a Blazor WebAssembly project where I do just basic CRUD operations.
I also have a small database and lets say I have two tables Users and Roles. What I do is to create their classes in Database-First fashion, by using Scaffold-DbContext and I run this command on the Shared project because I also want to reach to these classes from both Server and Client projects.
When I try to used Individual User Accounts on Authentication tab when creating a Blazor WebAssembly project, it creates the data models in the server. Which means I cannot access to my tables from Client Project. They need to be in Shared. Also it is Code-First based. I don't want to use migrations.
What I tried
What I tried to do is to create an identical -almost- project with Individual User Accounts projects but my Users class inherits IdentityUser and my DbContext inherits ApiAuthorizationDbContext but problem starts here.
I cannot add ApiAuthorization package from NuGet because it says Shared project does not compatible with .NetStandard 2.1.
Also changing Shared project's standard didn't work.
Some Questions
Can't I just add my users table on the Shared and use Identity from that table? (Since it's just a single table of rather larger database)
Do I need two databases for this? One for Identity, one for rest of the application?
Do I need to use Identity for Authentication & Authorization? What else can I use? Or Can I use a custom one where I can use it as I described earlier (Having models in Shared project)
My Goal
I want to authorize users with [Authorize] property. Since I cannot accomplish the registration, I cannot proceed.
Use 2 DbContexts. The Identity tables (yours or ASP.NET) should not be part of the Shared or Client projects.
I want to authorize users with [Authorize] property
The real authorization happens on the server, nothing in the client is safe. Have you looked at the complete (JWT based) implementation in the template?
Can't I just add my users table on the Shared and use Identity from that table? (Since it's just a single table of rather larger database)
No, Identity needs the base class. And your client app doesn't need (and shouldn't see) most of its properties.
Do I need two databases for this? One for Identity, one for rest of the application?
That is the best way. Note that you can have 2 DbContexts for 1 physical Db.
Link to the User wit a simple UserId (no Nav property) when needed.
Related
I was trying to implement Multitenancy architecture using ABP Framework, but somehow unable to find any solution in the given samples code where they implemented each tenant has a separate, dedicated database to store the data related to that tenant. Please let me know anyone tried this implementation using ABP Framework. If possible provide a GitHub link for code reference.
you need to enter the tenant's connection string to the database table AbpTenantConnectionStrings
I have a shared Database for a Multi-Tenant WebApplication, that uses Entity Framework Core. The Tenants have their own Tenant Table and every model has a Tenant ID.
By Design it is not possible to access the data of another Tenant because I have Query Filters and the code in the controllers always checks TenantId.
But I would like to encrypt the data of each Tenant or at least the most sensetive data with a different key or purpose string.
I implemented it for one model with the Protection API.
It would be a lot of work though to implement it for every model, because I have to call protect and unprotect after every Database call in the controller.
I am using MariaDB as my Database. Does somebody know if it is possible to let MariaDB do the encrypting? I know you can encrypt the data at rest, but is it also possible to encrypt different rows identified by TenantId with a different key?
I am new to working with Blazor and Authorization. Background is desktop apps in Vb.Net, so I have been reading everything I can on it, but it still is very confusing when I only want a specific subset of the options out there.
I have a very simple intranet Razor Server based app that is getting the windows user name correctly with default authentication. (I use the name in calls to stored procedures for logging, so I know that is working correctly.)
What I need is to implement authorization (role based would be fine) based on information I have already in the database tied to the user name).
Where and how does one add roles to an existing authstatetask or other object instantiated by the default processes?
Everything I have seen deals with the EF version of Identity or wants to override the authorization task.
I have Simple DB calls being made in Dapper which will return an identifier from which I can set roles.
I just need pointers to the proper method and where in the app I should put it. I have just a single .razor page being loaded, Navbar is disabled.
You can either :
Implement Identity stores for Dapper following instruction in this blog : ASP.NET CORE IDENTITY WITHOUT ENTITY FRAMEWORK
Use Policy-based authorization and create authorization handlers meeting your requirements
For each user that connects to our MVC app, I need to store several custom properties (like its role, a list of sites he has access to, etc.). I know how to get the values for those properties (from our SQL database); what I need to know is the best practice to keep this "singleton/static/unique" object accessible across each view, and avoid to poll the DB each time.
Our authentication is Windows authentication.
Could be misinterpreting what you are asking, but ViewBag/ViewData are good tools for cross View/Controller data.
I have implemented IdentityServer4 in ASP.NET core with one application as Identity server and second one as client. I have couple of queries
1. I want to add roles to the profile information returned.
2. What are scopes there for ?
can someone provide a fair idea ?
To add roles, check out the IdentityServer4.AspNetIdentity nuget package. See Using ASP.NET Core Identity.
Scopes are used to create a relationship between ApiResources and Clients. Rather than say, associated the name of a client api (e.g. AccountingApi) to an ApiResource, we associated the client api to a scope (e.g. internalApis) and then associated the same scope to the ApiResource.