Policy-Based Authorization
Define reusable authorization policies.
The Policy Model
In ASP.NET Core, every authorization check ultimately runs through a policy. Roles and claims attributes are shorthand that build policies behind the scenes.
Defining named policies centralizes your rules and keeps controllers clean.
[Authorize(Policy = "CanManageOrders")]AddAuthorization
Register policies in the service container with AddAuthorization. Each policy is given a unique name.
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("CanManageOrders", policy =>
policy.RequireRole("admin", "sales"));
});All lessons in this course
- Role-Based Authorization
- Claims-Based Authorization
- Policy-Based Authorization
- Custom Authorization Requirements