
Claims based authorization in ASP.NET Core



In this video we will discuss claims based authorization, i.e. using claims to make access control decisions.

Let's say we have the following 3 claims in our application. 
  1. Create Role
  2. Edit Role
  3. Delete Role

To be able to DELETE a ROLE, the logged-in user must have the Delete Role claim; otherwise access should be denied.

Implementing Claims based authorization 

There are 2 simple steps to implement claims based authorization in ASP.NET Core.

  1. Create a claims policy
  2. Use the policy on a controller or a controller action

Creating Claims Policy

Claims checks are policy based. We create a policy and include one or more claims in that policy. We then need to register the policy. Creating and registering a claims policy is typically done in one step in the ConfigureServices() method of the Startup class.

services.AddAuthorization(options =>
{
    // Create and register the policy in one step
    options.AddPolicy("DeleteRolePolicy",
        policy => policy.RequireClaim("Delete Role"));
});

  • The options parameter type is AuthorizationOptions
  • Use the AddPolicy() method to create the policy
  • The first parameter is the name of the policy and the second parameter is the policy itself
  • To satisfy this policy's requirements, the logged-in user must have the Delete Role claim

Using Claims Policy for Authorization Checks

The policy can then be used on a controller or a controller action.

[Authorize(Policy = "DeleteRolePolicy")]
public async Task<IActionResult> DeleteRole(string id)
{
    // Delete Role
}

To be able to access the DeleteRole action, the logged-in user must have the Delete Role claim.

Adding Multiple Claims to Policy

To add multiple claims to a given policy, chain calls to the RequireClaim() method.

services.AddAuthorization(options =>
{
    options.AddPolicy("DeleteRolePolicy",
        policy => policy.RequireClaim("Delete Role")
                        .RequireClaim("Create Role"));
});

To satisfy this policy's requirements, the logged-in user must have both claims.
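
The single-claim and chained policies above can be evaluated directly against sample users to see what each one accepts. This is an added example, not code from the original tutorial; the console harness, the policy name DeleteAndCreateRolePolicy, the sample users and their claim values are assumptions, and it expects the Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages.

```csharp
// Added example: console harness, not code from the tutorial.
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

var services = new ServiceCollection();
services.AddLogging(); // DefaultAuthorizationService needs an ILogger
services.AddAuthorizationCore(options =>
{
    // Policy from the tutorial: one required claim type.
    options.AddPolicy("DeleteRolePolicy",
        policy => policy.RequireClaim("Delete Role"));
    // Hypothetical policy name: chained RequireClaim() calls are ANDed.
    options.AddPolicy("DeleteAndCreateRolePolicy",
        policy => policy.RequireClaim("Delete Role")
                        .RequireClaim("Create Role"));
});

using var provider = services.BuildServiceProvider();
var authz = provider.GetRequiredService<IAuthorizationService>();

// Constructed sample users; the claim values are arbitrary.
var users = new (string Name, ClaimsPrincipal Principal)[]
{
    ("no claims", MakeUser()),
    ("Delete Role only", MakeUser(new Claim("Delete Role", "Delete Role"))),
    ("both claims", MakeUser(new Claim("Delete Role", "Delete Role"),
                             new Claim("Create Role", "Create Role"))),
    // RequireClaim(type) matches on claim type only, so the value is ignored.
    ("Delete Role=false", MakeUser(new Claim("Delete Role", "false"))),
};

foreach (var (name, principal) in users)
{
    foreach (var policyName in new[] { "DeleteRolePolicy", "DeleteAndCreateRolePolicy" })
    {
        var result = await authz.AuthorizeAsync(principal, policyName);
        var outcome = result.Succeeded ? "allowed" : "denied";
        Console.WriteLine($"{name,-18} {policyName,-26} {outcome}");
    }
}

// Builds an authenticated principal carrying the given claims.
static ClaimsPrincipal MakeUser(params Claim[] claims) =>
    new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType: "Constructed"));
```

Because RequireClaim("Delete Role") with no value list checks only that a claim of that type exists, a policy that should also constrain the value has to pass the allowed values as additional arguments to RequireClaim().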

1 comment:

  1. Dear Sir,
    Claim/role based authorization is not reflecting immediately. How can I update the claims/roles identity value without logging out and back in?

