I'm currently working on a project with ASP.NET Core and I have no idea how to handle user permissions. I even have an idea how I can do it (and I already did), but I do not know if it's the best approach possible.
My application (Web API) has permissions attached to each user, and when a user enters the application it should validate their requests against their permissions.
What I do today is to use a [CustomAuthorizeAtribute] that performs the validation of permissions through the request route.
Ex: The user requested produto/get/1, so I look up their permissions in the database and check whether they have permission for the product entity.
Any idea of a better approach?
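The route-based check described in the question, sketched as an added example that is not the poster's code: an authorization filter that reads the entity and action from the matched route values and denies by default. `RoutePermissionAttribute`, `IPermissionStore` and the use of the `NameIdentifier` claim as the user key are assumptions made for illustration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over the database lookup described in the post.
public interface IPermissionStore
{
    bool HasPermission(string userId, string entity, string action);
}

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class RoutePermissionAttribute : Attribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        ClaimsPrincipal user = context.HttpContext.User;
        if (user.Identity?.IsAuthenticated != true)
        {
            context.Result = new UnauthorizedResult(); // 401: no identity at all
            return;
        }

        // Read the values the router matched (produto/get/1 gives
        // controller=produto, action=get) instead of parsing the raw URL,
        // so path encoding or casing cannot change which entity is checked.
        var entity = context.RouteData.Values["controller"]?.ToString();
        var action = context.RouteData.Values["action"]?.ToString();
        var userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        // Deny by default: a missing route value or user key is a 403,
        // never an implicit allow.
        if (string.IsNullOrEmpty(entity) || string.IsNullOrEmpty(action) ||
            string.IsNullOrEmpty(userId))
        {
            context.Result = new StatusCodeResult(403);
            return;
        }

        var store = context.HttpContext.RequestServices
            .GetRequiredService<IPermissionStore>();
        if (!store.HasPermission(userId, entity.ToLowerInvariant(),
                                 action.ToLowerInvariant()))
        {
            context.Result = new StatusCodeResult(403);
        }
    }
}
```

This check covers the entity and action only; whether the user may touch the specific record (the `1` in the route) still has to be enforced where the record is loaded.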