Policy-Based Authorization

Get familiar with how policy-based authorization works in ASP.NET Core.

Policy-based authorization works by configuring specific authorization rules that can be as simple or as complex as we want them to be. For example, while role-based authorization relies only on specific roles being present in the access token, policy-based authorization can be applied in the following ways:

  • When the presence of specific roles is required

  • When the presence of any custom or standard claims is required

  • When a combination of specific roles, claims, etc., is required to be present

  • When a complex custom calculation based on any data in the access token must be applied
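The four cases above can each be written as a named policy. The following is an added example, not the lesson's own playground code: the policy names, role names, claim types (`department`, `employment_start`), and routes are hypothetical, and it assumes the JWT bearer package is referenced with token validation settings supplied through configuration.

```csharp
// Program.cs (ASP.NET Core minimal API, .NET 7 or later).
// Assumption: Microsoft.AspNetCore.Authentication.JwtBearer is referenced and
// token validation settings come from configuration (Authentication:Schemes:Bearer).
using System.Globalization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication("Bearer").AddJwtBearer();

builder.Services.AddAuthorization(options =>
{
    // 1. Specific role: several roles in one call are OR-ed together.
    options.AddPolicy("AdminsOnly", p => p.RequireRole("Admin", "SuperAdmin"));

    // 2. Specific claim: must be present with one of the allowed values.
    options.AddPolicy("HrStaff", p => p.RequireClaim("department", "HR"));

    // 3. Combination: chained requirements are AND-ed; all must pass.
    options.AddPolicy("HrManagers", p => p
        .RequireAuthenticatedUser()
        .RequireRole("Manager")
        .RequireClaim("department", "HR"));

    // 4. Custom calculation over token data: at least 180 days of tenure.
    //    A missing or unparseable claim fails closed (access denied).
    options.AddPolicy("Tenured", p => p.RequireAssertion(ctx =>
    {
        var raw = ctx.User.FindFirst("employment_start")?.Value;
        return DateTimeOffset.TryParse(raw, CultureInfo.InvariantCulture,
                   DateTimeStyles.AssumeUniversal, out var start)
               && start <= DateTimeOffset.UtcNow.AddDays(-180);
    }));
});

var app = builder.Build();
app.UseAuthentication();   // builds the user's claims from the access token
app.UseAuthorization();    // evaluates the policy attached to each endpoint

// Each endpoint names the policy that must succeed before the handler runs.
app.MapGet("/admin", () => "admin area").RequireAuthorization("AdminsOnly");
app.MapGet("/hr", () => "HR records").RequireAuthorization("HrStaff");
app.MapGet("/hr/reviews", () => "reviews").RequireAuthorization("HrManagers");
app.MapGet("/benefits", () => "benefits").RequireAuthorization("Tenured");

app.Run();
```

A caller whose token lacks the `employment_start` claim, or carries a value that does not parse as a date, is denied by the `Tenured` policy because the assertion returns `false` in both cases.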

In this lesson, we will explore several examples of configuring an authorization policy. All of these are demonstrated by the following playground:
