How is Authorization handled in this microservice approach

[rpostmus]

I've been looking thru the code and i was wondering how the authorization part is working. If I check the Detail endpoint in the WebMVC OrderController.cs file i see that the user needs to be authenticated. It then uses the ordering service to do a http call to the (I think) Ordering Microservice. I think in this step we kind of lose the user and it basically does a sql command to fetch the order. Where in these steps do we check if the order id that is being requested actually belongs to the user?

[behdad088]

Hi @rpostmus
The primary focus of this project appears to be centered around architectural solutions, specifically in the realm of building and effectively managing microservices using .NET Core. However, it is worth noting that certain critical aspects, such as Authorization, have not been adequately addressed or implemented.