Custom Authorization Requirements
Build custom requirements and handlers.
When Built-ins Are Not Enough
Some rules cannot be expressed with RequireRole or RequireClaim - for example "must be at least 18" or "must own this resource".
For these you write a custom requirement plus a handler.
// Rule: user must be older than a configurable minimum ageIAuthorizationRequirement
A requirement is a marker that carries the rule's data. It implements the empty IAuthorizationRequirement interface.
public class MinimumAgeRequirement : IAuthorizationRequirement
{
public int MinimumAge { get; }
public MinimumAgeRequirement(int minimumAge) =>
MinimumAge = minimumAge;
}All lessons in this course
- Role-Based Authorization
- Claims-Based Authorization
- Policy-Based Authorization
- Custom Authorization Requirements