I'm rewriting an ASP.NET application that was written 12 years ago, and they used Windows Authentication and role-based authorization. It was written using ASP.NET MVC 4.
The new application is being written in ASP.NET Core 6 using Razor pages (not MVC), and I realize the mechanism that they used has been deprecated.
The old application has users (obviously), user roles (roles assigned to users), roles and permissions for those roles.
When a person is authenticated through Windows sign on, the code looks up the roles assigned to that user, gets the permissions associated with those roles and somehow associates those permissions with the user so that they can do things like:
if (!User.IsInRole("Manage User Accounts"))
"Manage User Accounts" is a permission associated with a role assigned to the user.
They can also decorate controllers or actions to either authorize or not allow users to get to code, like:
[Authorize(Roles = "Manage User Accounts]
Likewise, "Manage User Accounts" is a permission associated with a role assigned to the user.
I should also mention that I have to use Windows Authentication, as that is what the client has requested.
I need to do something like this, but in modern-day code.
I've tried look at tutorials and documentation, and it seems like 95% of them are either MVC or rather old versions of .NET Core (3.x for example).
What I'm looking for is how to accomplish my goal in an ASP.NET 6 Core web app with Razor pages.