asp.net core user roles create and storage

Question

My web app has 10 different apps, each having specific roles. The roles are created and stored in a table, outside IdentityRole (AspNetRoles contains only two roles, for site admin and user admin) but when they are assigned, are going to be written in IdentityUserRole (AspNetUserRoles). Is this going to affect security for my site?

Sachin Singh · Answer

for multiple apps, SSO (single sign-on ) is recommended using OAuth and OpenId. For example, if your cloud app provides 10 different apps then anyone can purchase any number of apps, so if a company purchase 3 apps out of 10 then for them single login for all 3 apps seems logical than 3 different login credentials. Although from security perspective your idea is also good and will be no adverse security effect.

Marius Vasile · Answer

I use both [Authorize(Policy = "xxx")] [Authorize(Roles = "yyyyyy")]

Sachin Singh · Answer

yes, you can create a different table for special roles and with a one-to-many relationship with aspnetuser table, the customization can be done with code-first workflow. but the policy-based approach is better than a role-based, a policy can store multiple roles and custom data as per your need.

Marius Vasile · Answer

Thank you Sachin, there will be a single login, on registration each user will have to provide a code representing the company. Later on I can give access to as many apps based on that code (Policy based). I wasn't sure if I can store roles, as a list outside identity tables