Claim-based authorization
A claim is a key-value pair associated with an identity after successful authentication. A claim can be a date of birth, gender, zip code, and so on. One or more claims can be assigned to a user. Claim-based authorization uses the value of a claim to determine whether access to a resource can be granted. You can validate a claim in two ways: check only that the claim exists, or check that the claim exists with a particular value.
To use claim-based authorization, we need to register a policy in the ConfigureServices method of Startup.cs. You need to pass a claim name and optionally values to the RequireClaim method to register. For example, the following code registers PremiumContentPolicy with the requirement of the PremiumUser claim:
services.AddAuthorization(options => { options.AddPolicy("PremiumContentPolicy", ...
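The two validation approaches described above behave differently when the claim is present but carries an unexpected value. The following console harness is an added example, not the book's code: it registers PremiumContentPolicy as an existence-only check and evaluates it next to a value check. The policy name PremiumContentStrictPolicy, the value "true", the sample users, and the project setup are assumptions.

```csharp
// Added example, not from the book. Assumes a project that references the
// ASP.NET Core shared framework (for example, one using Microsoft.NET.Sdk.Web).
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class Program
{
    // Builds an authenticated identity carrying the given claims (constructed sample data).
    static ClaimsPrincipal User(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType: "Sample"));

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // the default authorization service resolves an ILogger
        services.AddAuthorizationCore(options =>
        {
            // Approach 1: the claim only has to exist, whatever its value.
            options.AddPolicy("PremiumContentPolicy",
                policy => policy.RequireClaim("PremiumUser"));
            // Approach 2 (hypothetical policy name and value): the claim must equal "true".
            options.AddPolicy("PremiumContentStrictPolicy",
                policy => policy.RequireClaim("PremiumUser", "true"));
        });

        using var provider = services.BuildServiceProvider();
        var authz = provider.GetRequiredService<IAuthorizationService>();

        // Constructed sample users covering the three cases that matter.
        var users = new (string Label, ClaimsPrincipal Principal)[]
        {
            ("PremiumUser=true", User(new Claim("PremiumUser", "true"))),
            ("PremiumUser=false", User(new Claim("PremiumUser", "false"))),
            ("no PremiumUser claim", User(new Claim("ZipCode", "00000"))),
        };

        foreach (var (label, principal) in users)
            foreach (var policy in new[] { "PremiumContentPolicy", "PremiumContentStrictPolicy" })
            {
                var result = await authz.AuthorizeAsync(principal, policy);
                Console.WriteLine($"{label,-22} {policy,-28} {(result.Succeeded ? "allowed" : "denied")}");
            }
    }
}
```

The existence-only policy allows the user whose PremiumUser claim is "false", while the value check allows only the user whose claim is "true". When the claim's value carries the entitlement, pass the allowed values to RequireClaim.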