...

Authorizing Resources

In this lesson, we will learn how roles and policies based on claims protect access to resources.

We'll cover the following...

Protecting resources
Where to place the AuthorizeAttribute
Checking authorization manually
Defining policies
A simple example

Access to resources can be protected either with data annotations or by checking the user claims with utility methods and interfaces. In the simplest cases, access can be based just on user roles, while more complex cases might require the definition of policies based on claims’ values. In this lesson, we will learn all these techniques, and how to define claims policies.

Protecting resources

Access to resources can be protected with three strategies:

Is the user authenticated? This is easily verified either with the [Authorize] attribute or by checking the User.Identity.IsAuthenticated property of the User property that is available in controllers, views, and in the HttpContext instance that serves the request. The usage of the AuthorizeAttribute will be explained in the next section of this lesson.
The user has the required roles or not. It is worth recalling that roles are values of claims of type ClaimType.Role. Similar constraints are easily verified by listing all required role names, separated by commas, in the ...

Access this course and 1400+ top-rated courses and projects.

Preview Free Lessons→

Preview Free Lessons

Razor Template Language

Razor Language Assessment

Tag Helpers

Tag Helpers Assessment

Controllers and ViewModels

Controllers Assessment

Validation and Metadata

Validation Assessment

Dependency Injection

Configuration and Options Framework

Localization and Globalization

Factoring out UI Logic

Authentication and Authorization

Advanced Topics Assessment

Publishing Your Web Application

Conclusion

Appendix

Authorizing Resources

Protecting resources