JWT Token based Authorization with user permission Asp.net core 2.0
Question
I, have created a JWT token with claim as permission Read or Write or Delete as shown in the figure below.
Now, both the Admin/Normal User log on to the system. Admin and normal user get the token and store in the local storage.
For the first time the normal user won't get Read/Write/Create/Delete UI controls. The token expire time is 2 min.
Now the admin change the permission for the normal user in the database as below .
Since, the token is not expire for the normal user. Still he can't read and write. The logic works if token expire then user login again then he can view the read/write UI control
How can I, achieve this simultaneously with permission changes by admin.
Some of the reference link https://jonhilton.net/identify-users-permissions-with-jwts-and-asp-net-core-webapi/
https://www.jerriepelser.com/blog/using-roles-with-the-jwt-middleware/
1 answers
solution1
0 2018-07-17 11:24:28
As this logic is handling in the server you need to inform the UI of a change in permissions for that user. In this situation something like SignalR which is really easy to get working with .NET Core would work perfectly. This can alert the UI of a change in the permissions and go and get the user another JWT token passed through websockets events, which unlocks the UI logic. This then can be re-saved in local storage for that user (obviously if there currently using the platform)
https://docs.microsoft.com/en-us/aspnet/core/signalr/dotnet-client?view=aspnetcore-2.1
I do not think there a prebuilt way in JWT to do what you are trying to do, JWT creates the tokens for authenticated users. It is up to you to expiry and create new valid tokens with valid permissions.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.