Check the validity of the user role #24311
Unanswered
AliRezaBeigy asked this question in General
Hi all,
Today we face two problems.
In the first instance, when a user (A) with the Owner role removes the Admin role from a user (B),
B can access the actions that need the Admin role, because the authorization is role-based.
This problem can be resolved by using policy-based authorization.
In the second instance, the front-end project needs to find out what the user's role is, to show them some options.
Someone suggested we can assign user roles to a cookie with a middleware,
but it has a lot of cost because for each request we should execute a database query (the role in the token is not up to date when an admin assigns a new role to the user).
Is there any correct approach or suggestion for the above problems?
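The stale-role problem described in the question, as an added example that is not part of the original post: a framework-neutral Python model in which a role claim copied into a token at sign-in keeps passing after the role is removed, while a check against the current role store does not, and a short cache that is invalidated on role changes avoids a database query on every request. `RoleStore`, `issue_token`, `claim_check` and `CurrentRoleChecker` are hypothetical names, and the in-memory store is a constructed stand-in for the roles table.

```python
import time

class RoleStore:
    """Constructed stand-in for the roles table; counts lookups."""
    def __init__(self):
        self._roles, self.queries = {}, 0
    def set_roles(self, user, roles):
        self._roles[user] = frozenset(roles)
    def get_roles(self, user):
        self.queries += 1                      # one "database query"
        return self._roles.get(user, frozenset())

def issue_token(store, user):
    # Roles are copied into the token once, at sign-in.
    return {"sub": user, "roles": store.get_roles(user)}

def claim_check(token, role):
    # Role-based check: trusts the snapshot carried by the token.
    return role in token["roles"]

class CurrentRoleChecker:
    """Policy-style check: resolves the user's roles as they are now."""
    def __init__(self, store, ttl=30.0, clock=time.monotonic):
        self.store, self.ttl, self.clock = store, ttl, clock
        self._cache = {}                       # user -> (expires_at, roles)
    def roles(self, user):                     # also usable by a "my roles" endpoint
        hit = self._cache.get(user)
        if hit and hit[0] > self.clock():
            return hit[1]
        roles = self.store.get_roles(user)
        self._cache[user] = (self.clock() + self.ttl, roles)
        return roles

    def invalidate(self, user):
        # Called by the code that changes roles; otherwise ttl bounds staleness.
        self._cache.pop(user, None)

    def has_role(self, token, role):
        return role in self.roles(token["sub"])

def demo():
    store = RoleStore()
    store.set_roles("B", {"Admin"})
    token = issue_token(store, "B")            # query 1
    checker = CurrentRoleChecker(store)
    before = all(checker.has_role(token, "Admin") for _ in range(100))  # query 2 only
    store.set_roles("B", set())                # A removes B's Admin role
    checker.invalidate("B")
    return before, claim_check(token, "Admin"), checker.has_role(token, "Admin"), store.queries
```

`demo()` returns the result of the 100 cached checks before the change, the token-claim check after the change, the current-role check after the change, and the total number of store lookups.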