General - Authentication/Authorization
SapphireDb has mechanisms to identity users and to control what the user is allowed to do.
Make sure to setup the server before trying to use this options: Server setup
Attributes
SapphireDb includes auth attributes that can be used to control which user can do what.
Every auth-attribute can be used in three ways.
Heredity: If you define AuthAttributes for a base class all sub classes will inherit this attributes until custom attributes of the same type are defined in the subclasses.
- Without attributes: Authentication required
- Policies: A comma separated string of policy-names. All policies have to succeed. Check out Policies for more details
- Function name: You can optionally pass the name of a function in the class that has to return a boolean. The function will get executed to check if the user is allowed for the action.
Heredity: If you define AuthAttributes for a base class all sub classes will inherit this attributes until custom attributes of the same type are defined in the subclasses.
Model attributes
The model attributes can be used on model classes to control which user can do what. Available model attributes:
[QueryAuth], [CreateAuth], [UpdateAuth] and [RemoveAuth].
Action attribute
The
[ActionAuth]-attribute can be used on action handler classes or actions to control which user can do what.
Server options
You can also control the permissions for some actions using the server side configuration. Check out this section for more details: Server - Configuration
Authenticate client
You can authenticate the client using any method you like.
After obtaining a token you want to use for authentication pass it to sapphiredb by calling: this.db.setAuthToken(AuthToken)