daveharney (15)
Although it was easy to follow this chapter conceptually, coding is definitely a chore. As I read the book, I'm maintaining my own recipe project that partially mirrors the author's project - I try to add some of the functionality discussed in each chapter. In this case, I added the ability to restrict editing a recipe to just the recipe creator. Following the concepts in the book and borrowing code from the sample - it does work - but it's not trivial.

The good news is that this ability to restrict access based on user id is a very useful bit of functionality and well worth learning.

The only small nit I found is the misnaming of the "IsRecipeOwnercs.cs" class - I'm sure the author meant "IsRecipeOwner.cs". However, it doesn't affect the running of the project.
Andrew Lock (51)
Hi Dave,

There's definitely a lot of moving parts when it comes to Authorization. The requirements/policies/handlers approach really comes into its own as your business requirements get more complicated.

Thanks for the file naming issue, I'll get that fixed.