Policy Based Authorization in ASP.NET Core


Where is the AuthorizationFilterAttribute in ASP.NET Core?

Previously you could simply write a custom Authorization Attribute in ASP.Net for handling the authorization by overriding the OnAuthorization method like this:

For doing the same stuff in ASP.Net core it’s a different approach.
In ASP.Net core you can do the same thing by writing policies.
You can do that as following:

First you need to create an authorization requirement.
That requirement can have several properties (like Role in this example).

For checking this requirement, we need to write a handler.

In this Handler we get the requirement and we can check this requirement with our Context.
For the usage of this requirement and policy, we need to define them in our startup file.

Finally we can set the policy on our controller.

 

With this approach you’ll be able to do the same stuff in asp.net core.

Happy coding.