Hi,
Has anyone found a way to implement permissions at runtime? Since users can create roles at runtime, it is critical that they are able to assign permissions to these roles at runtime too. It is not practical for developers assigning permissions via code, compile and deploy anytime there is a need for permissions to change.
Anyone with a working implementation?
Usually you do not add pages at runtime and thatβs why you cannot add permissions runtime. What you can do is to set roles for certain pages and later add/remove users to/from these roles.
@enchev the challenge is that, it is impractical for a developer to control the permissions for a deployed application. It should be done by an admin user through the interface.
Radzen is such a phenomenal product. The only setback is the permissions side. There are ways to implement permissions at runtime and I have followed a good tutorial a few months ago to do so in a web api project using jwt. My challenge here is that, I do not fully understand the setup of radzen to be able to attempt that implementation especially if I am using jwt with identity core.
Having permissions done at runtime will be a game changer for radzen. Thank you guys for the phenomenal work you are doing with radzen.
What I think you are looking for is to implement Policy based permission, instead of Roles.
[Authorize(Policy = "admin-policy")]
Refer to this article:
Configuring Policy-based Authorization with Blazor (chrissainty.com)
@ggrewe yes something more similar to this. Mukesh, a software developer has a more dynamic way of implementing the policy based authorization in an article. I have followed it and implemented the idea in a web api project. I will take time to go through the articles you have provided to see if it will point me in the right direction to try something similar with radzen.
Have you tried implementing this in radzen yourself?
Not in Radzen, but with Blazor and other web projects, I have implemented Polices on many occasions.
Another option for you might be to a create table in the database with all the page names, then allow Administrators to associate a Role or Policy for each page.
When navigating to a page, you would call some function to select the Roles associated with the page and store those values in property on the page, then change your Authorize attribute to reference the property, something like:
[Authorize(Role = @Page.Property)]
You would probably need to call the function to populate the Roles in the SetParameters or OnInitialze Lifecycle methods. I have not tested this though.
I don't think this would work as roles must be known at compile time.
Dynamic roles and permissions are not supported in Radzen applications out of the box just as they aren't supported by ASP.NET Core Identity by default. One has to implement a custom policy which then needs to get roles from database and authorize the current request. We don't have a ready solution for this but anything that works in a regular Blazor app should work in one created with Radzen Blazor Studio.
Oh ya, that is what I get for working on a Saturday without coffee.