Claims-Based Authorization
Authorize based on user claims.
Beyond Roles
Roles are a special case of claims. Claims-based authorization checks any claim - email, department, subscription tier, a permission flag - not just roles.
This gives you finer control without inventing dozens of roles.
// Claims a user might carry:
// department = sales
// subscription = pro
// email_verified = trueAdding Claims to a Token
Issue whatever claims your authorization rules will inspect. The claim is a type/value pair.
var claims = new List<Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim("department", "sales"),
new Claim("subscription", "pro"),
new Claim("email_verified", "true")
};All lessons in this course
- Role-Based Authorization
- Claims-Based Authorization
- Policy-Based Authorization
- Custom Authorization Requirements