0Pricing
C# Academy · Lesson

Policy-Based Authorization

Define reusable authorization policies.

The Policy Model

In ASP.NET Core, every authorization check ultimately runs through a policy. Roles and claims attributes are shorthand that build policies behind the scenes.

Defining named policies centralizes your rules and keeps controllers clean.

[Authorize(Policy = "CanManageOrders")]

AddAuthorization

Register policies in the service container with AddAuthorization. Each policy is given a unique name.

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("CanManageOrders", policy =>
        policy.RequireRole("admin", "sales"));
});

All lessons in this course

  1. Role-Based Authorization
  2. Claims-Based Authorization
  3. Policy-Based Authorization
  4. Custom Authorization Requirements
← Back to C# Academy