Understand Security Context

[mweel1]

If I understand the security context, there are 2 phases currently being implemented.

There is the authorization attribute at the controller level which sets the CurrentUserService.UserId.

Then you an authorization attribute on a command that checks for userid, and roles or claims.

Do I have that correct?

[bramburn]

are you learning asp?
you might want to look at middleware and services and how they work. this would help you understand what is being loaded and checked when the app starts

check this tutorial here:
https://www.youtube.com/watch?v=Fhfvbl_KbWo&list=PLOeFnOV9YBa7dnrjpOG6lMpcyd7Wn7E8V

its long but will explain the majority of it,