Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Policy-based authorization vs authorize with role in .Net Core

What is the difference between using policy-based authorization and authorize with role, or there is no difference?

[Authorize(Policy = "RequiredAdminRole")]

and

[Authorize(Roles = "Admin")]
like image 432
Hasan Darwish Avatar asked Oct 19 '19 15:10

Hasan Darwish


People also ask

What is an advantage of using a policy-based authorization instead of a role based one?

By using Policy-based & Role-based Authorization process, we can provide access to particular area of application to the user based on the Role/Policy of the user.

How many types of authorization are there in ASP.NET Core?

ASP.NET allows four types of authentications: Windows Authentication. Forms Authentication. Passport Authentication.

What is the difference between authorization and authentication in ASP.NET Core?

Authentication is the process of determining a user's identity. Authorization is the process of determining whether a user has access to a resource.

What is policy-based authorization?

Policy-based authentication is a new approach that provides a richer and more expressive model. This is because a policy is a collection of requirements based on claims and custom logic based on any other information that can be injected from the HTTP context or external sources.


1 Answers

Policy-based authorization gives you more flexibility. You can use custom authorization handlers with policies to add more complex logic than just checking if your user has a specific role. For example, you have some roles mappings in your database. You can create a policy that will check if your user is authorized according to that data or that can be any custom logic. You can also create policy only with .RequireRole("Admin") which technically will do the same as an attribute [Authorize(Roles = "Admin")] Take a look at how to implement custom authorization handlers in documentation

like image 94
Roman Svitukha Avatar answered Oct 06 '22 20:10

Roman Svitukha