From 53dca0457691e2db112296b9d87cc63a4851561a Mon Sep 17 00:00:00 2001 From: Marco Thomazini Date: Wed, 11 Oct 2017 10:15:12 -0300 Subject: [PATCH] Update ReadMe.md --- ReadMe.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ReadMe.md b/ReadMe.md index 918c463..b977249 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -4,7 +4,7 @@ ASP.NET Core Authentication and Authorization Sample Overview -------- -This sample demonstrates a simple authentication and authorization scenario in ASP.NET Core using JWT bearer tokens. The code is the same as descrbied in the blog posts [ASP.NET Core Authentication with IdentityServer4](https://blogs.msdn.microsoft.com/webdev/2017/01/23/asp-net-core-authentication-with-identityserver4/) and [JWT Validation and Authorization in ASP.NET Core](https://blogs.msdn.microsoft.com/webdev/2017/04/06/jwt-validation-and-authorization-in-asp-net-core/). +This sample demonstrates a simple authentication and authorization scenario in ASP.NET Core using JWT bearer tokens. The code is the same as described in the blog posts [ASP.NET Core Authentication with IdentityServer4](https://blogs.msdn.microsoft.com/webdev/2017/01/23/asp-net-core-authentication-with-identityserver4/) and [JWT Validation and Authorization in ASP.NET Core](https://blogs.msdn.microsoft.com/webdev/2017/04/06/jwt-validation-and-authorization-in-asp-net-core/). The IdentityServer4Authentication project contains a simple MVC app that allows users to register or login (using ASP.NET Core Identity). It then uses [IdentityServer4](http://docs.identityserver.io/en/release/) to set up a JWT-based authentication service using a basic [OAuth2.0 resource-owner password flow](https://tools.ietf.org/html/rfc6749#section-1.3.3). 
@@ -65,4 +65,4 @@ Authorization The IdentityServer4Authentication service does not perform any authorization as its only functions are to register users and provide login and token-issuing mechanisms. The WebClient service, though, makes use of ASP.NET Core authorization in a few diffferent ways: 1. Some APIs are protected with [role based authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles) which looks at users' roles (based on the role claim in JWT tokens) to determine whether they can access the APIs. This authorization option is easy-to-use and works immediately with ASP.NET Core Identity or security tokens with a role claim. -1. There is also a somewhat contrived usage of [custom policy-based authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies) in the `MaximumOfficeNumberRequirement` and `MaximumOfficeNumberAuthorizationHandler` types. These types are registered in Startup.cs and define a custom authorization requirement (which is satisified by `MaximumOfficeNumberAuthorizationHandler`). A custom policy is registered using the MaximumOfficeNumberRequirement which limits access to attributed APIs to users who satisfy the "office number <= 400" requirement. The `MaximumOfficeNumberAuthorizationHandler` contains the implementation of how to check whether the authorization requirement is satisfied. The authorization requirement can be applied to a type or method with an authorization attribute: `[Authorize(Policy = "OfficeNumberUnder400")]`. \ No newline at end of file +1. There is also a somewhat contrived usage of [custom policy-based authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies) in the `MaximumOfficeNumberRequirement` and `MaximumOfficeNumberAuthorizationHandler` types. These types are registered in Startup.cs and define a custom authorization requirement (which is satisified by `MaximumOfficeNumberAuthorizationHandler`). 
A custom policy is registered using the MaximumOfficeNumberRequirement which limits access to attributed APIs to users who satisfy the "office number <= 400" requirement. The `MaximumOfficeNumberAuthorizationHandler` contains the implementation of how to check whether the authorization requirement is satisfied. The authorization requirement can be applied to a type or method with an authorization attribute: `[Authorize(Policy = "OfficeNumberUnder400")]`.
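Review bot: In the first hunk (ReadMe.md, Overview), the unchanged context line still links IdentityServer4 over plain `http://docs.identityserver.io/en/release/` while every other link in the paragraph uses https; since this line is already in the hunk's context, consider switching it to https in the same patch. The "descrbied" to "described" correction itself is right, but the subject "Update ReadMe.md" does not say that, so a subject such as "Fix typo in ReadMe.md overview" would make the history easier to scan.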
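Review bot: In the second hunk (ReadMe.md, Authorization), the re-added list item still contains the misspelling "satisified" in "(which is satisified by `MaximumOfficeNumberAuthorizationHandler`)", and the context line just above it still reads "a few diffferent ways"; as this is a typo-fix patch that already touches this item, correct both to "satisfied" and "different" here. The removed line carried the "\ No newline at end of file" marker and the added line does not, so the only visible effect of this hunk appears to be a trailing newline; if that is intended, mention it in the commit message. As a minor style point, `MaximumOfficeNumberRequirement` is in backticks earlier in the item but not in "registered using the MaximumOfficeNumberRequirement", and "Startup.cs" is also unformatted.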