Policy-based Authorization in ASP.NET Core (with Custom Authorization Handler)
In my last video, I walked through how to implement role-based authorization in an ASP.NET Core application. In this video, I will walk through how to implement policy-based authorization in an ASP.NET Core application.
With role-based authorization, flexibility is very limited: a role either can access a resource or it cannot. If we want to run custom logic that is independent of the role and authorize an identity based on its result, we need policy-based authorization.
In policy-based authorization, a policy consists of two main parts:
1. One or more requirements. A requirement is the collection of data that the policy handler uses to implement the logic of the policy.
2. A handler for each requirement. Most importantly, the handler is responsible for performing the logic of the authorization checks.
Policy-based authorization also comes in handy when an application has multiple roles. Passing different permutations and combinations of roles to the AuthorizeAttribute is cumbersome, whereas a policy based on a combination of roles is easy to create.
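The requirement/handler split and a role-combination policy, as an added example that is not code from the video. The policy names, the `HireDate` claim type, the routes and the choice of cookie authentication are assumptions made for illustration.

```csharp
using System.Globalization;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
// Assumption: cookie authentication; any scheme that populates User claims works.
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
builder.Services.AddSingleton<IAuthorizationHandler, MinimumTenureHandler>();
builder.Services.AddAuthorization(options =>
{
    // Custom logic: the requirement carries the data, the handler evaluates it.
    options.AddPolicy("SeniorStaff", p => p.AddRequirements(new MinimumTenureRequirement(365)));
    // Role combination defined once: (Admin OR Manager) AND Auditor.
    options.AddPolicy("FinanceReview", p => p.RequireRole("Admin", "Manager").RequireRole("Auditor"));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/payroll", () => "payroll data").RequireAuthorization("SeniorStaff");
app.MapGet("/ledger", () => "ledger data").RequireAuthorization("FinanceReview");
app.Run();

// Requirement: data only, no logic.
public sealed class MinimumTenureRequirement : IAuthorizationRequirement
{
    public MinimumTenureRequirement(int days) => Days = days;
    public int Days { get; }
}

// Handler: the authorization check for that requirement.
public sealed class MinimumTenureHandler : AuthorizationHandler<MinimumTenureRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MinimumTenureRequirement requirement)
    {
        // "HireDate" is a hypothetical claim type; it must be issued by a trusted source.
        var claim = context.User.FindFirst("HireDate");
        if (claim is not null &&
            DateTime.TryParse(claim.Value, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out var hired) &&
            (DateTime.UtcNow - hired).TotalDays >= requirement.Days)
        {
            context.Succeed(requirement);
        }
        // A missing or unparsable claim never calls Succeed, so access is denied by default.
        return Task.CompletedTask;
    }
}
```

On MVC controllers the same policies are applied with `[Authorize(Policy = "SeniorStaff")]`.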