Resource based authorization done in API gateway, how to filter resources based on permissions in API?
Hello. I have created services, which are edge-authorized on API Gateway. In theory, my services should know nothing of authorization.
Now, if I get permissions for, let's say, /resources/1, this is easy, as I can just enforce permit.
But what if my endpoint is /resources and I would like it to retrieve user's only permission?
Would I need to propagate permissions from the API gateway to my specific service?
How to model a system like this? Is there any better way to do this, or just ditch permissions in the API gateway and move them to my services, so coarse-grained authz would happen on the API gateway (roles can access some endpoints, some not), while resource-based (fine-grained authz) would happen in services?
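The split described in the last question, as an added example that is not part of the original post: the gateway does the coarse check and forwards a signed auth context, and the service filters the `/resources` listing itself. The claim names (`sub`, `scopes`, `resource_ids`), the scope `resources:list`, the shared key and the sample data are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Assumption: key shared by gateway and service (constructed value).
GATEWAY_KEY = b"constructed-demo-key"
# Constructed sample data standing in for the service's own store.
RESOURCES = {1: {"owner": "alice"}, 2: {"owner": "bob"}, 3: {"owner": "alice"}}

def _mac(body: bytes) -> bytes:
    return hmac.new(GATEWAY_KEY, body, hashlib.sha256).hexdigest().encode()

def gateway_sign(claims: dict) -> str:
    """Gateway side: attach identity and grants after authenticating the caller."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _mac(body).decode()

def verify_context(header: str) -> dict:
    """Service side: accept the auth context only if the gateway signed it."""
    body, _, mac = header.partition(".")
    if not hmac.compare_digest(mac.encode(), _mac(body.encode())):
        raise PermissionError("untrusted auth context")
    return json.loads(base64.urlsafe_b64decode(body))

def list_resources(header: str) -> list:
    """GET /resources: return only the ids this caller may read."""
    ctx = verify_context(header)
    # Coarse-grained check, repeated here so a bypassed gateway fails closed.
    if "resources:list" not in ctx.get("scopes", []):
        raise PermissionError("missing scope")
    # Fine-grained filter: explicit grants plus resources the caller owns.
    granted = set(ctx.get("resource_ids", []))
    return sorted(rid for rid, res in RESOURCES.items()
                  if rid in granted or res["owner"] == ctx.get("sub"))

if __name__ == "__main__":
    hdr = gateway_sign({"sub": "alice", "scopes": ["resources:list"],
                        "resource_ids": [2]})
    print(list_resources(hdr))
```

Filtering in the service keeps the ownership rule next to the data, while the signature check stops a caller who reaches the service directly from supplying their own permissions.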