0
votes

I have created a JWT token with a claim named permission (Read, Write or Delete), as shown in the figure below.

[figure: permission claim]

Now both the admin and a normal user log on to the system. The admin and the normal user each get a token and store it in local storage.

The first time, the normal user doesn't get the Read/Write/Create/Delete UI controls. The token expiry time is 2 min.

Now the admin changes the permission for the normal user in the database to the permission below.

Since the token has not expired for the normal user, he still can't read and write. The logic works if the token expires and the user logs in again; then he can see the read/write UI controls.

How can I achieve this at the same time as the permission change by the admin?

Some reference links: https://jonhilton.net/identify-users-permissions-with-jwts-and-asp-net-core-webapi/

https://www.jerriepelser.com/blog/using-roles-with-the-jwt-middleware/

1
How about only storing roles in the JWT, not the actual permissions, and then controlling permissions on the server side when rendering? – William Chong
I need to refresh the Angular UI component as well, not only the Web API side. – San Jaisy

1 Answer

0
votes

As this logic is handled on the server, you need to inform the UI of a change in permissions for that user. In this situation something like SignalR, which is really easy to get working with .NET Core, would work perfectly. This can alert the UI of a change in the permissions and go and get the user another JWT token, passed through WebSocket events, which unlocks the UI logic. This can then be re-saved in local storage for that user (obviously if they are currently using the platform).

https://docs.microsoft.com/en-us/aspnet/core/signalr/dotnet-client?view=aspnetcore-2.1

I do not think there is a prebuilt way in JWT to do what you are trying to do; JWT creates tokens for authenticated users. It is up to you to expire them and create new valid tokens with valid permissions.