
How to figure out how to make Authentication/Authorization claims/roles work? ASP.NET Core 2

I found so many examples, but still not one answering my problem.

ASP.NET Core 2

Assuming I have 2 controllers (CompanyController, ClientController).
Within each controller I have, of course, the Create, Read, Update, Delete actions.

Now, some employees (users) could be claiming to be either Company or Client or both, so these users can access those controllers.
Now the problem is that Employee_A can do CRUD (Create, Read, Update, Delete) on CompanyController AND only Read on ClientController.
While Employee_B can have only Read and Create on ClientController.

So do I have to create a Claim OR Role for every case in Startup.cs:

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Sales", policy => policy.RequireClaim(claimType, "Company", "Client"));
    });

that is, ClaimCompany, Claim_Client to decorate the controller,
and then Claim_Company_Create, Claim_Company_Read, Claim_Company_Update, Claim_Company_Delete AND Claim_Client_Create, Claim_Client_Read, Claim_Client_Update, Claim_Client_Delete, and associate the users with every scenario they belong to?
I tried to use only a generic CRUD, but then Employee_A would be able to do everything on every controller he is claiming to be part of. So it doesn't work.


So now my issue is: if I have 50 controllers, how can I make this simpler without creating all those sub-claims for every CRUD?

Also, how can I save Identities to Claims (AspNetUserClaims), as for example:

      • Employee_A Identity(1) is "Company"
          • Create
          • Read
          • Update
          • Delete
      • Employee_A Identity(2) is "Client"
          • Create
          • Read

How can I read Identities from Claims so they become identities automatically?

Thanks
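
One way to avoid a hand-written policy per controller and action, as an added example that is not part of the original post: a single requirement and handler, with policies built on demand from the policy name. It assumes each permission is stored in AspNetUserClaims with the resource as claim type and the operation as claim value (for example "Company" / "Update"); the class names and the "Resource.Operation" naming convention are hypothetical.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;

// Hypothetical requirement: "the user may perform Operation on Resource".
public class PermissionRequirement : IAuthorizationRequirement
{
    public string Resource { get; }
    public string Operation { get; }
    public PermissionRequirement(string resource, string operation)
    { Resource = resource; Operation = operation; }
}

// Succeeds only if the user holds a claim of type <Resource> with value <Operation>.
// Not calling Succeed leaves the requirement unmet, so access is denied by default.
public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        if (context.User.HasClaim(requirement.Resource, requirement.Operation))
            context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

// Builds a policy from names such as "Company.Update" instead of registering each one.
public class PermissionPolicyProvider : DefaultAuthorizationPolicyProvider
{
    public PermissionPolicyProvider(IOptions<AuthorizationOptions> options)
        : base(options) { }

    public override async Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
    {
        var policy = await base.GetPolicyAsync(policyName);
        if (policy != null) return policy;      // policies added in Startup still win
        var parts = policyName.Split('.');
        if (parts.Length != 2) return null;     // unknown name: no policy, request fails
        return new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddRequirements(new PermissionRequirement(parts[0], parts[1]))
            .Build();
    }
}

// Startup.ConfigureServices (assumed wiring):
//   services.AddSingleton<IAuthorizationPolicyProvider, PermissionPolicyProvider>();
//   services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
// ClientController action:
//   [Authorize(Policy = "Client.Read")] public IActionResult Index() { ... }
```

With this layout Employee_A carries four "Company" claims and one "Client"/"Read" claim, and a new controller needs only new claim rows and `[Authorize]` attributes, not new policy registrations.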

