Policy-based Authorization in ASP.Net Core (with Custom Authorization Handler)

Published: 13 October 2024
on channel: DotNet Core Central

In my last video, I walked through how to implement Role-based authorization in an ASP.Net Core application. In this video, I will walk through how to implement Policy-based authorization in an ASP.Net Core application.

With role-based authorization, flexibility is very limited: a role can either access a resource or it cannot. If we want to authorize an identity based on custom logic, irrespective of the role, we need policy-based authorization.

In policy-based authorization, a policy consists of two main parts:

1. One or more requirements. A requirement is a collection of data that the policy handler uses to implement the logic of the policy.
2. A handler for each requirement. Most importantly, the handler is responsible for performing the logic of the authorization checks.

Another place where policy-based authorization comes in really handy is when you have multiple roles in an application. Passing different permutations and combinations of roles in the AuthorizeAttribute is cumbersome. Instead, we can easily create policies based on multiple role combinations.
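The two ideas above (a requirement with its handler, and a policy built from a role combination), as an added example that is not code from the video or the blog. The policy names, the `tenure_months` claim, and the `MinimumTenureRequirement` and `MinimumTenureHandler` types are hypothetical; the code assumes it is the `Program.cs` of a project using `Microsoft.NET.Sdk.Web` on .NET 6 or later, and it evaluates the policies against constructed identities instead of real requests.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

var services = new ServiceCollection();
services.AddLogging();
services.AddSingleton<IAuthorizationHandler, MinimumTenureHandler>();
services.AddAuthorizationCore(options =>
{
    // Policy with a custom requirement; MinimumTenureHandler evaluates it.
    options.AddPolicy("SeniorStaff", p => p.AddRequirements(new MinimumTenureRequirement(24)));
    // Policy from a role combination: (Admin OR Manager) AND Auditor.
    options.AddPolicy("AuditApprover", p => p.RequireRole("Admin", "Manager").RequireRole("Auditor"));
});
var authz = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();

// Constructed identities; eve carries a malformed claim and must be denied.
var users = new[]
{
    ("alice", MakeUser("36", "Manager", "Auditor")),
    ("bob", MakeUser("6", "Manager")),
    ("eve", MakeUser("not-a-number", "Admin")),
};
foreach (var (name, user) in users)
    foreach (var policy in new[] { "SeniorStaff", "AuditApprover" })
    {
        var result = await authz.AuthorizeAsync(user, policy);
        Console.WriteLine($"{name,-6} {policy,-14} allowed={result.Succeeded}");
    }

static ClaimsPrincipal MakeUser(string tenureMonths, params string[] roles)
{
    var claims = new List<Claim> { new Claim("tenure_months", tenureMonths) };
    claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
    // A non-null authentication type marks the identity as authenticated.
    return new ClaimsPrincipal(new ClaimsIdentity(claims, "constructed"));
}

// The requirement only carries the data the policy needs.
public sealed record MinimumTenureRequirement(int Months) : IAuthorizationRequirement;

// The handler holds the logic: succeed only on a well-formed, sufficient claim.
public sealed class MinimumTenureHandler : AuthorizationHandler<MinimumTenureRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MinimumTenureRequirement requirement)
    {
        var claim = context.User.FindFirst("tenure_months");
        if (claim is not null && int.TryParse(claim.Value, out var months) && months >= requirement.Months)
            context.Succeed(requirement);
        return Task.CompletedTask; // never calling Succeed leaves the requirement unmet
    }
}
```

In a web application the same policies are registered with `builder.Services.AddAuthorization(...)` and applied with `[Authorize(Policy = "SeniorStaff")]`.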

Blog: https://dotnetcorecentral.com/blog/as...