
I'm implementing a restaurant management micro-service using the CQRS pattern. The read and write databases are separated and eventually become consistent by async events using an event bus.

Now I want to create an authorization policy that checks if the current user is a restaurant owner or not. I didn't want to query the identity service for current roles because this seems to be the responsibility of the restaurant domain, and I also don't want to be coupled to the identity service by using sync API calls.

  1. Now the problem is how I should fetch the data. Should I always use the write database?

    Or should I implement two policies for queries and commands, where the query controller uses the read database and the write controller uses the write database?

  2. How should I handle the eventual consistency issue on the read side?

  • You can keep the user role and identity in the session cookie, if you use that approach. I described this a bit in my blog post here nestenius.se/net/… By doing this, you don't need to look up the identity on each request. Commented Dec 8, 2024 at 6:53
  • The problem is that I'm using JWT tokens. First I will need to raise an event to the identity service to add the new role, and the client needs to refresh the token. The client might do the refreshing just before the identity service receives the role event; in this case, the JWT won't contain the new role. Commented Dec 8, 2024 at 7:25
  • I would keep it simple: ask the user to sign out and sign in after changing the roles. The number of times you change roles is usually quite few... so perhaps not worth automating? The alternative is to clear the token store you use, like I explain in this blog post nestenius.se/net/… Commented Dec 8, 2024 at 12:28
