<\/div>\n

Merhaba,<\/p>\n

Asp.NET Core Identity yaz\u0131 dizimizin 14. makalesinde, uygulamam\u0131zda kullan\u0131c\u0131lar\u0131 belirli yetkiler do\u011frultusunda y\u00f6nlendirebilmek ve sayfa odakl\u0131 eri\u015fim durumlar\u0131na m\u00fcdahale edebilmek i\u00e7in rol y\u00f6netimi \u00fczerine konu\u015faca\u011f\u0131z.<\/p>\n

Rol Bazl\u0131 Yetkilendirme Nedir? Roles Based Authorization<\/span><\/h4>\n

Rol bazl\u0131 yetkilendirme, yukar\u0131daki giri\u015f c\u00fcmlesinde de ifade etmeye \u00e7al\u0131\u015ft\u0131\u011f\u0131m gibi kullan\u0131c\u0131lar\u0131n belli ba\u015fl\u0131 sayfalara eri\u015fimini belirlememizi sa\u011flayan ve bunun i\u00e7in roller tan\u0131mlayarak yetkilendirme yapmam\u0131za imkan tan\u0131yan bir stratejidir.<\/p>\n

\u015e\u00f6yle basit bir \u00f6rnekle metafor yaparsak e\u011fer; ila\u00e7 almaya gitti\u011finiz eczanenin arka odas\u0131n\u0131n kap\u0131s\u0131nda “Personel Harici Giremez!” uyar\u0131s\u0131 g\u00f6rm\u00fc\u015fs\u00fcn\u00fczd\u00fcr. Ha i\u015fte, o odaya eri\u015febilmek i\u00e7in o eczanede “Personel” rol\u00fcne sahip olman\u0131z gerekmektedir. E\u011fer ki d\u0131\u015far\u0131dan gelen m\u00fc\u015fteri iseniz ne yaz\u0131k ki o odaya giremezsiniz.<\/p>\n

Web uygulamalar\u0131nda da benzer mant\u0131k ge\u00e7erlidir ve kullan\u0131c\u0131lara rol odakl\u0131 sayfa eri\u015fimleri sa\u011flanmaktad\u0131r. \u00d6rne\u011fin; Maliye bakanl\u0131\u011f\u0131n\u0131n otomasyonunda “B\u00fct\u00e7e” sayfas\u0131na sade ve sadece “Director” ya da “Manager” rol\u00fcne sahip olan kullan\u0131c\u0131lar eri\u015febilirken, “\u015eehirler” sayfas\u0131na herkes eri\u015febilmektedir.<\/p>\n

RoleManager S\u0131n\u0131f\u0131<\/h4>\n
Asp.NET Core Identity mekanizmas\u0131nda uygulamaya dair t\u00fcm rol y\u00f6netimini RoleManager s\u0131n\u0131f\u0131 \u00fcstlenmektedir. Rol ekleme, silme, g\u00fcncelleme ve listeleme sorumluluklar\u0131n\u0131 ger\u00e7ekle\u015ftirmektedir.<\/p>\n

IdentityRole S\u0131n\u0131f\u0131 \u0130le Rol Entitysi Tan\u0131mlama<\/h4>\n

Uygulamada bir rol entitysi tan\u0131mlayabilmek i\u00e7in ilgili s\u0131n\u0131f\u0131n “IdentityRole” s\u0131n\u0131f\u0131ndan t\u00fcremesi gerekmektedir.<\/p>\n

\r\n    public class AppRole : IdentityRole<int>\r\n    {\r\n        public DateTime OlusturulmaTarihi { get; set; }\r\n    }\r\n<\/pre>\nVe bu rol s\u0131n\u0131f\u0131 uygulamadaki Context nesnesinin “IdentityDbContext” base class\u0131na a\u015fa\u011f\u0131daki gibi bildirilmesi gerekmektedir.<\/p>\n
\r\n    public class AppDbContext : IdentityDbContext<AppUser, AppRole, int>\r\n    {\r\n        public AppDbContext(DbContextOptions<AppDbContext> dbContext) : base(dbContext) { }\r\n    }\r\n<\/pre>\nAyr\u0131ca yine ilgili s\u0131n\u0131f\u0131n Startup dosyas\u0131nda da AddIdentity fonksiyonu ile a\u015fa\u011f\u0131daki gibi belirtilmesi gerekmektedir.<\/p>\n
\r\n        public void ConfigureServices(IServiceCollection services)\r\n        {\r\n            services.AddIdentity<AppUser, AppRole>(_ =>\r\n            {\r\n                .\r\n                .\r\n                .\r\n            }\r\n        }\r\n<\/pre>\nRol Olu\u015fturma<\/h5>\nRol olu\u015fturabilmek i\u00e7in RoleManager s\u0131n\u0131f\u0131n\u0131n “Create” metodunu a\u015fa\u011f\u0131daki gibi kullanabiliriz.<\/p>\n
\r\n    public class RoleController : Controller\r\n    {\r\n        readonly RoleManager<AppRole> _roleManager;\r\n        public RoleController(RoleManager<AppRole> roleManager)\r\n        {\r\n            _roleManager = roleManager;\r\n        }\r\n        .\r\n        .\r\n        .\r\n        [HttpPost]\r\n        public async Task<IActionResult> CreateRole(RoleViewModel model)\r\n        {\r\n            IdentityResult result = await _roleManager.CreateAsync(new AppRole { Name = model.Name, OlusturulmaTarihi = DateTime.Now });\r\n            if (result.Succeeded)\r\n            {\r\n                \/\/Ba\u015far\u0131l\u0131...\r\n            }\r\n            return View();\r\n        }\r\n    }\r\n<\/pre>\nRol G\u00fcncelleme<\/h5>\nOlu\u015fturulmu\u015f rol\u00fc g\u00fcncelleyebilmek i\u00e7in 16. sat\u0131rda oldu\u011fu gibi “Update” metodunu kullanabiliriz.<\/p>\n
\r\n    public class RoleController : Controller\r\n    {\r\n        readonly RoleManager<AppRole> _roleManager;\r\n        public RoleController(RoleManager<AppRole> roleManager)\r\n        {\r\n            _roleManager = roleManager;\r\n        }\r\n        [HttpPost]\r\n        public async Task<IActionResult> CreateRole(RoleViewModel model, string id)\r\n        {\r\n            IdentityResult result = null;\r\n            if (id != null)\r\n            {\r\n                AppRole role = await _roleManager.FindByIdAsync(id);\r\n                role.Name = model.Name;\r\n                result = await _roleManager.UpdateAsync(role);\r\n            }\r\n            else\r\n                result = await _roleManager.CreateAsync(new AppRole { Name = model.Name, OlusturulmaTarihi = DateTime.Now });\r\n\r\n            if (result.Succeeded)\r\n            {\r\n                \/\/Ba\u015far\u0131l\u0131...\r\n            }\r\n            return View();\r\n        }\r\n    }\r\n<\/pre>\nRol Silme<\/h5>\nRol silmek istedi\u011fimizde ise Delete fonksiyonunu a\u015fa\u011f\u0131daki gibi kullanmam\u0131z yeterlidir.<\/p>\n
\r\n    public class RoleController : Controller\r\n    {\r\n        readonly RoleManager<AppRole> _roleManager;\r\n        public RoleController(RoleManager<AppRole> roleManager)\r\n        {\r\n            _roleManager = roleManager;\r\n        }\r\n        .\r\n        .\r\n        .\r\n        public async Task<IActionResult> DeleteRole(string id)\r\n        {\r\n            AppRole role = await _roleManager.FindByIdAsync(id);\r\n            IdentityResult result = await _roleManager.DeleteAsync(role);\r\n            if (result.Succeeded)\r\n            {\r\n                \/\/Ba\u015far\u0131l\u0131...\r\n            }\r\n            return RedirectToAction("Index");\r\n        }\r\n    }\r\n<\/pre>\nRolleri Listeleme<\/h5>\nT\u00fcm rolleri elde etmek ve listeleyebilmek i\u00e7in direkt olarak RoleManager nesnesinin Roles propertysini kullanabilirsiniz.<\/p>\n
\r\n        public IActionResult Index()\r\n        {\r\n            return View(_roleManager.Roles.ToList());\r\n        }\r\n<\/pre>\nKullan\u0131c\u0131lara Rol Atama<\/h5>\nTan\u0131mlanm\u0131\u015f rolleri uygulamadaki kullan\u0131c\u0131lara atayarak bir nevi kullan\u0131c\u0131 yetkilendirme i\u015flemini ger\u00e7ekle\u015ftirebilmek i\u00e7in UserManager nesnesinin AddToRole metodu kullan\u0131lmaktad\u0131r.<\/p>\n
\r\n        public async Task<IActionResult> RoleAssign(string id)\r\n        {\r\n            AppUser user = await _userManager.FindByIdAsync(id);\r\n\r\n            await _userManager.AddToRoleAsync(user, "Administrator");\r\n            await _userManager.AddToRoleAsync(user, "Moderator");\r\n            await _userManager.AddToRoleAsync(user, "Editor");\r\n            await _userManager.AddToRoleAsync(user, "tor");\r\n            return View();\r\n        }\r\n<\/pre>\nBurada dikkat edilmesi gereken husus her bir rol\u00fcn \u00f6nceden tan\u0131mlanm\u0131\u015f olmas\u0131 gerekmektedir. Aksi taktirde hatayla kar\u015f\u0131lanacakt\u0131r.<\/p>\n
Rol atamay\u0131 daha i\u015flevsel olarak nas\u0131l yapabiliriz?<\/strong> sorusunu sordu\u011funuzu duyar gibiyim…
\nEvet, san\u0131r\u0131m uygulamada tan\u0131mlanm\u0131\u015f\/tan\u0131mlanacak rolleri yukar\u0131daki gibi statik olarak \u00f6nceden tahmin etmenizi beklemek ve daha da tuhaf\u0131 bu tan\u0131mlamalar\u0131 t\u00fcm kullan\u0131c\u0131lar i\u00e7in ger\u00e7ekle\u015ftirmek yersiz olacakt\u0131r… Muhtemeldir ki sizde hak vereceksiniz buradaki en do\u011fru aksiyon rol atamak istedi\u011fimiz kullan\u0131c\u0131ya t\u0131klad\u0131\u011f\u0131m\u0131z zaman t\u00fcm rollerin listelenmesi ve hatta bu listede ilgili kullan\u0131c\u0131yla ili\u015fkilendirilmi\u015f \u00f6nceki rollerin se\u00e7ili gelmesi ve aralar\u0131ndan se\u00e7tiklerimizin ilgili kullan\u0131c\u0131yla ili\u015fkilendirilmesi olacakt\u0131r.<\/p>\n
Bunun i\u00e7in her\u015feyden \u00f6nce hangi rol\u00fcn se\u00e7ildi\u011fine dair bilgi ta\u015f\u0131yacak olan ViewModeli geli\u015ftirmek gerekmektedir…<\/p>\n
\r\n    public class RoleAssignViewModel\r\n    {\r\n        public int RoleId { get; set; }\r\n        public string RoleName { get; set; }\r\n        public bool HasAssign { get; set; }\r\n    }\r\n<\/pre>\nYukar\u0131daki viewmodeli incelerseniz e\u011fer role dair id ve name de\u011ferlerini tutmakla birlikte o anki rol\u00fcn ilgili kullan\u0131c\u0131ya atan\u0131p atanmad\u0131\u011f\u0131 bilgisini de(HasAssign) tutmaktad\u0131r. \u015eimdi yapmam\u0131z gereken kullan\u0131c\u0131ya rol ekleme sayfas\u0131 olu\u015fturarak, t\u00fcm rolleri orada se\u00e7ilebilir bir \u015fekilde listelemek ve biryandan da kullan\u0131c\u0131yla ili\u015fkili rol varsa i\u015faretli bir \u015fekilde getirmektir. Akabinde se\u00e7ilen t\u00fcm rolleri kullan\u0131c\u0131yla ili\u015fkilendirerek atama i\u015flemini sonland\u0131raca\u011f\u0131z.<\/p>\n
\r\n    public class RoleController : Controller\r\n    {\r\n        readonly RoleManager<AppRole> _roleManager;\r\n        readonly UserManager<AppUser> _userManager;\r\n        public RoleController(RoleManager<AppRole> roleManager, UserManager<AppUser> userManager)\r\n        {\r\n            _roleManager = roleManager;\r\n            _userManager = userManager;\r\n        }\r\n        public async Task<IActionResult> RoleAssign(string id)\r\n        {\r\n            AppUser user = await _userManager.FindByIdAsync(id);\r\n            List<AppRole> allRoles = _roleManager.Roles.ToList();\r\n            List<string> userRoles = await _userManager.GetRolesAsync(user) as List<string>;\r\n            List<RoleAssignViewModel> assignRoles = new List<RoleAssignViewModel>();\r\n            allRoles.ForEach(role => assignRoles.Add(new RoleAssignViewModel\r\n            {\r\n                HasAssign = userRoles.Contains(role.Name),\r\n                RoleId = role.Id,\r\n                RoleName = role.Name\r\n            }));\r\n\r\n            return View(assignRoles);\r\n        }\r\n        [HttpPost]\r\n        public async Task<ActionResult> RoleAssign(List<RoleAssignViewModel> modelList, string id)\r\n        {\r\n            AppUser user = await _userManager.FindByIdAsync(id);\r\n            foreach (RoleAssignViewModel role in modelList)\r\n            {\r\n                if (role.HasAssign)\r\n                    await _userManager.AddToRoleAsync(user, role.RoleName);\r\n                else\r\n                    await _userManager.RemoveFromRoleAsync(user, role.RoleName);\r\n            }\r\n            return RedirectToAction("Index", "User");\r\n        }\r\n    .\r\n    .\r\n    .\r\n    \/\/di\u011fer actionlar\r\n    .\r\n    .\r\n    .\r\n    }\r\n<\/pre>\nYukar\u0131daki kod blo\u011funu incelerseniz e\u011fer; 13. sat\u0131rda uygulamadaki t\u00fcm rolleri, 14. sat\u0131rda ise o an yetki atanacak olan kullan\u0131c\u0131n\u0131n mevcut t\u00fcm rollerini elde edip ard\u0131ndan bu bilgileri bir ad\u0131m \u00f6nce olu\u015fturdu\u011fumuz “RoleAssignViewModel” isimli viewmodel nesnelerine atayarak view’e g\u00f6nderiyoruz. Kullan\u0131c\u0131ya dair view’de yap\u0131lan se\u00e7im neticesinde eklenen roller 32. sat\u0131rda oldu\u011fu gibi “AddToRoleAsync” metodu ile kullan\u0131c\u0131yla ili\u015fkilendiriliyor yahut al\u0131nan yetkiler ise 34. sat\u0131rda “RemoveFromRoleAsync” metoduyla kullan\u0131c\u0131dan siliniyor. \u0130lgili view kayna\u011f\u0131n\u0131da g\u00f6rmek isterseniz a\u015fa\u011f\u0131daki kod blo\u011funu inceleyebilirsiniz.<\/p>\n
\r\n@model List<AspNetCoreIdentityExample.Models.ViewModels.RoleAssignViewModel>\r\n@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers\r\n<h1>Role Assign<\/h1>\r\n<form asp-action="RoleAssign" asp-controller="Role">\r\n    <table class="table">\r\n        <thead>\r\n            <tr>\r\n                <th>\r\n                <\/th>\r\n                <th>\r\n                    Role Name\r\n                <\/th>\r\n            <\/tr>\r\n        <\/thead>\r\n        <tbody>\r\n            @for (int i = 0; i < Model.Count; i++)\r\n            {\r\n                <tr>\r\n                    <td><input type="checkbox" asp-for="@Model[i].HasAssign" \/> <\/td>\r\n                    <td>\r\n                        @Model[i].RoleName\r\n                        <input type="hidden" asp-for="@Model[i].RoleId" \/>\r\n                        <input type="hidden" asp-for="@Model[i].RoleName" \/>\r\n                    <\/td>\r\n                <\/tr>\r\n            }\r\n            <tr>\r\n                <td colspan="2">\r\n                    <button>Rol Ata<\/button>\r\n                <\/td>\r\n            <\/tr>\r\n        <\/tbody>\r\n    <\/table>\r\n\r\n<\/form>\r\n<\/pre>\n<\/a><\/p>\n
Bu noktadan itibaren bir sonraki i\u00e7eri\u011fimizde sayfa yetkilendirme(authorization) i\u015flemini ele alaca\u011f\u0131z.<\/p>\n
O halde \u015fimdilik g\u00f6r\u00fc\u015fmek \u00fczere diyelim…<\/p>\n
\u0130lgilenenlerin faydalanmas\u0131 dile\u011fiyle…
\n\u0130yi \u00e7al\u0131\u015fmalar…<\/p>\n
Not : \u00d6rnek projeyi indirmek i\u00e7in buraya t\u0131klay\u0131n\u0131z<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Merhaba, Asp.NET Core Identity yaz\u0131 dizimizin 14. makalesinde, uygulamam\u0131zda kullan\u0131c\u0131lar\u0131 belirli yetkiler do\u011frultusunda y\u00f6nlendirebilmek ve sayfa odakl\u0131 eri\u015fim durumlar\u0131na m\u00fcdahale edebilmek i\u00e7in rol y\u00f6netimi \u00fczerine konu\u015faca\u011f\u0131z. Rol Bazl\u0131 Yetkilendirme Nedir? Roles Based Authorization Rol...<\/p>\n","protected":false},"author":1,"featured_media":11583,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2668,2656,2811,2832,2898],"tags":[3014,3015,3013,3012],"class_list":["post-12051","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-asp-net-core-2","category-asp-net-core-2-mvc","category-asp-net-core-2-1","category-asp-net-core-2-2","category-asp-net-core-3-0","tag-asp-net-core-identity-rolemanager","tag-identity-rolemanager","tag-rolemanager","tag-roles-based-authorization"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/12051","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/comments?post=12051"}],"version-history":[{"count":40,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/12051\/revisions"}],"predecessor-version":[{"id":12099,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/12051\/revisions\/12099"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/media\/11583"}],"wp:attachment":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/media?parent=12051"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/categories?post=12051"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/tags?post=12051"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

RoleManager S\u0131n\u0131f\u0131<\/h4>\nAsp.NET Core Identity mekanizmas\u0131nda uygulamaya dair t\u00fcm rol y\u00f6netimini RoleManager s\u0131n\u0131f\u0131 \u00fcstlenmektedir. Rol ekleme, silme, g\u00fcncelleme ve listeleme sorumluluklar\u0131n\u0131 ger\u00e7ekle\u015ftirmektedir.<\/p>\n

RoleManager S\u0131n\u0131f\u0131<\/h4>\n
Asp.NET Core Identity mekanizmas\u0131nda uygulamaya dair t\u00fcm rol y\u00f6netimini RoleManager s\u0131n\u0131f\u0131 \u00fcstlenmektedir. Rol ekleme, silme, g\u00fcncelleme ve listeleme sorumluluklar\u0131n\u0131 ger\u00e7ekle\u015ftirmektedir.<\/p>\n