Attribute-Based Access Control Sample for a .Net Core API Application

Venky Writes
Jan 2, 2022

--

GitHub Link: github.com/venbacodes/ABAC-Sample-for-API

This is a simple demo sample on implementing ABAC in a .Net Core API Application. This uses three main aspects of Attributes => ACCESS, SCOPE, and MODULE.

Key Points
1. Access, Scope, and Module attributes are used
2. It is possible to extend this sample to accommodate as many attributes as needed
3. No External libraries were used
4. Handled all the necessary authn and authz in the handlers itself.
5. Optional takeaway — added an additional path for restricting resources in [PermissionsAuthHandler.cs#L60](https://github.com/venbacodes/ABAC-Sample-for-API/blob/main/Authorization/PermissionsAuthHandler.cs#L60)

To Explore
1. Clone and run the code
2. Generate a JWT token with email/sub and exp. Applicable emails can be found in [TestUsers.cs](https://github.com/venbacodes/ABAC-Sample-for-API/blob/main/Model/TestUsers.cs)
3. Add the generated JWT token in the swagger authorization menu and call the APIs

Authorization
Authentication
Abac
Dotnet Core
Permission

--

--

Venky Writes

Written by Venky Writes

10 Followers

Web Architect .Net Core, API, Azure, Serverless, Product Design & Delivery, Agile, C#, MVC, SQL DB, Cosmos DB, DevOps, Azure Log Analytics and Workspaces (KQL)

More from Venky Writes

See all from Venky Writes

Recommended from Medium

Lists

Staff Picks

323 stories82 saves

Stories to Help You Level-Up at Work

19 stories52 saves

Self-Improvement 101

20 stories102 saves

Productivity 101

20 stories109 saves
See more recommendations

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech