SaaS (.net core) and Azure Ad B2C - What is the best approach to handle user defined authorization policies?
Hi there,
I'm trying to find the best (or most common) approach to a feature implementation.
Scenario:
- A multitenant WEB app (SaaS) using Azure AD B2C as the identity provider.
- The SQL database will have an user table with some columns that will be kept in sync with user's Azure AD profile.
This will help us with SQL queries and reports where data is direct associated to an user (which is everywhere).
Then comes the question:
In this app, users will be able to specify authorization roles for their tenants. For example:
Tenant A can create a Staff role that will:
- Give read/write access to contacts
- Read only access to accounts.
We can easily write it to the database but the question becomes how can we plug this custom roles or policies into .net core authorization and do it in a way that won't require a round trip to the database on every request?
Would this be "as simple" as a custom authorization attribute on top of cached user roles and policies (using Redis or some other means)?
Would be nice to know how people are approaching this.