No trespassing sign

Using a middleware to build a permission-based identity in ASP.NET Core

This post is the first in a series about Authorization in ASP.NET Core. I’ll guide you through a series of approaches you can use to implement authorization in your ASP.NET Core APIs, focusing on advanced/real-world scenarios. Here’s a sneak peek for what I plan to show you: Where to store and resolve authorization-like data How to protect your API endpoints using permission-based authorization using the built-in types in the framework Reduce duplication and make things smarter by implementing a custom Authentication Handler....

March 6, 2021 · 11 min · Joao Grassi
Barbed wire on a green background

Encapsulating getting access tokens from IdentityServer with a typed HttpClient and MessageHandler

Recently, I had to interact with an external API which is protected by JWT Bearer Tokens. For this, I had to get an access_token first and then set it to each request. But, this can get quite tedious very soon even if you just do it a few times. In the end, I wanted an implementation that encapsulated the need for developers to worry about getting access tokens prior to communicating with the API....

March 6, 2019 · 13 min · Joao Grassi