An example to make it more clear what I mean:
User U1 creates a blog B1, and only this user will have access to edit/view and delete it initially.
Now user U2 applies for viewing/editing rights for blog B1 (could be via a button). The request will then be confirmed/denied by the owner U1.
After confirmation is done, user U2 will now have the rights to view/edit blog B1.
I want to use as much of ASP.NET Core Identity, Entity Framework, action attributes and other built-in tools/frameworks as possible in order to avoid too much custom code.
I am not an expert in any of the authorization tools, claims, roles, resources, policies, but I have read about all of them and I can't seem to connect/combine one or more of them to resolve my example above.
Could someone please guide me/give me some feedback on where to begin? Do not hesitate to ask for more information or questions.
My own idea is to create a database that stores user id, authorization type and blog id and then run through that database with a custom authorization handler placed on all actions. But this doesn't strike me as a good solution.
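
The grant-table idea from the last paragraph of the question, expressed with ASP.NET Core's built-in resource-based authorization (`AuthorizationHandler<TRequirement, TResource>` and `OperationAuthorizationRequirement`). This is an added example, not part of the original question; `Blog`, `BlogOperations`, `IBlogGrantStore` and `BlogAuthorizationHandler` are hypothetical names, and keeping Delete owner-only is an assumption drawn from the U1/U2 scenario.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;

// Hypothetical entity: a blog that records the id of the user who created it.
public class Blog { public int Id { get; set; } public string OwnerId { get; set; } = ""; }

// One requirement instance per operation; Name is what the grant table stores.
public static class BlogOperations
{
    public static readonly OperationAuthorizationRequirement View = new() { Name = "View" };
    public static readonly OperationAuthorizationRequirement Edit = new() { Name = "Edit" };
    public static readonly OperationAuthorizationRequirement Delete = new() { Name = "Delete" };
}

// Hypothetical store over the (user id, authorization type, blog id) table.
// Only requests the owner has confirmed are written as rows.
public interface IBlogGrantStore
{
    Task<bool> HasGrantAsync(string userId, int blogId, string operation);
}

// Register with: services.AddScoped<IAuthorizationHandler, BlogAuthorizationHandler>();
public class BlogAuthorizationHandler
    : AuthorizationHandler<OperationAuthorizationRequirement, Blog>
{
    private readonly IBlogGrantStore _grants;
    public BlogAuthorizationHandler(IBlogGrantStore grants) => _grants = grants;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement,
        Blog blog)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId is null) return; // no identity: never Succeed, so the check fails closed

        // The owner (U1) may view, edit and delete.
        if (blog.OwnerId == userId) { context.Succeed(requirement); return; }

        // Assumption: Delete stays owner-only; View/Edit need a confirmed grant row.
        if (requirement.Name != BlogOperations.Delete.Name &&
            await _grants.HasGrantAsync(userId, blog.Id, requirement.Name))
        {
            context.Succeed(requirement);
        }
    }
}
```

An action loads the blog first and then calls `IAuthorizationService.AuthorizeAsync(User, blog, BlogOperations.Edit)`, returning `Forbid()` when the result's `Succeeded` is false. The check runs against the loaded resource rather than in an attribute because `[Authorize]` is evaluated before the action has fetched the blog.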