Check the validity of the user role #24311
Unanswered
AliRezaBeigy asked this question in General
Replies: 0 comments
Hi all,
Today we face two problems.
In the first instance, when a user (A) with the Owner role removes the Admin role from a user (B), B can access the actions that need the Admin role, because the authorization is role-based.
This problem can be resolved by using policy-based authorization.
In the second instance, the front-end project needs to find out what the user's role is, to show them some options.
Someone suggested we can assign user roles to a cookie with a middleware, but it has a lot of cost, because for each request we should execute a database query (the role in the token is not up to date when an admin assigns a new role to the user).
Is there any correct approach or suggestion for the above problems?
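The stale-role situation described in the post, as an added example that is not part of the original post or of any project's code: a framework-neutral Python sketch comparing a check that trusts the role claim in the token with a check against the current role, cached and invalidated on role change so the database is not queried on every request. `RoleStore`, `CachedRoleChecker`, `token_allows`, the role ordering and the sample users are all hypothetical.

```python
# Constructed illustration; every name here is hypothetical.
ROLE_RANK = {"User": 0, "Admin": 1, "Owner": 2}   # assumed ordering of roles

class RoleStore:
    """Stands in for the database table holding each user's current role."""
    def __init__(self, roles):
        self._roles = dict(roles)
        self.queries = 0              # counts simulated database round trips
        self._listeners = []

    def on_change(self, callback):
        self._listeners.append(callback)

    def get_role(self, user):
        self.queries += 1
        return self._roles.get(user)

    def set_role(self, user, role):
        self._roles[user] = role
        for notify in self._listeners:
            notify(user)              # let caches drop the stale entry

class CachedRoleChecker:
    """Checks the current role, hitting the store only on a cache miss."""
    def __init__(self, store):
        self._store = store
        self._cache = {}
        store.on_change(lambda user: self._cache.pop(user, None))

    def current_role(self, user):
        if user not in self._cache:
            self._cache[user] = self._store.get_role(user)
        return self._cache[user]

    def is_allowed(self, user, required):
        role = self.current_role(user)
        return role is not None and ROLE_RANK[role] >= ROLE_RANK[required]

def token_allows(token, required):
    """Role check that trusts the claim written into the token at sign-in."""
    return ROLE_RANK[token["role"]] >= ROLE_RANK[required]

def demo():
    store = RoleStore({"A": "Owner", "B": "Admin"})
    checker = CachedRoleChecker(store)
    token_b = {"sub": "B", "role": "Admin"}      # issued while B was Admin
    before = [checker.is_allowed("B", "Admin") for _ in range(100)]
    store.set_role("B", "User")                  # A removes B's Admin role
    stale = token_allows(token_b, "Admin")       # token still says Admin
    fresh = checker.is_allowed("B", "Admin")     # current state is consulted
    return all(before), stale, fresh, store.queries
```

The cache here lives in one process; with several server instances the invalidation has to reach each of them. The same `current_role` lookup can back an endpoint the front end calls to decide which options to show.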