In my previous article, I explained how to restrict users based on IP address. It was implemented using an IP address whitelist and middleware. That solution authorizes users at the application level. I also mentioned that I would write another article on restricting users at the controller or action level. Policy-based authorization is a new feature introduced in .NET Core that lets you implement the application's authorization rules in code. In this post, I will explain policy-based authorization in ASP.NET Core with an implementation example.
While authentication validates a user, authorization grants access to a resource of the application. We have all heard of role-based authorization, which provides access to resources based on the role the user has. Policy-based authorization, a new feature in .NET Core, allows you to implement a loosely coupled security model. This helps decouple the authorization logic from controllers.
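To make the decoupling concrete, here is an added example (not code from the original article) that expresses the IP whitelist as a policy requirement with its own handler. The names `IpAllowListRequirement`, `IpAllowListHandler`, `AddIpAllowListPolicy` and the policy name `InternalNetworkOnly` are hypothetical, and the addresses are constructed sample values.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Requirement: data only. It carries the allowed addresses, no logic.
public class IpAllowListRequirement : IAuthorizationRequirement
{
    public IReadOnlyCollection<IPAddress> Allowed { get; }
    public IpAllowListRequirement(params string[] addresses) =>
        Allowed = addresses.Select(IPAddress.Parse).ToArray();
}

// Handler: the authorization decision lives here, not in any controller.
public class IpAllowListHandler : AuthorizationHandler<IpAllowListRequirement>
{
    private readonly IHttpContextAccessor _accessor;
    public IpAllowListHandler(IHttpContextAccessor accessor) => _accessor = accessor;

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, IpAllowListRequirement requirement)
    {
        IPAddress remote = _accessor.HttpContext?.Connection.RemoteIpAddress;
        // Normalise ::ffff:a.b.c.d so IPv4 entries match on dual-stack sockets.
        if (remote != null && remote.IsIPv4MappedToIPv6) remote = remote.MapToIPv4();
        // Deny by default: the requirement stays unmet unless Succeed is called.
        if (remote != null && requirement.Allowed.Contains(remote))
            context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

public static class IpPolicyRegistration
{
    // Call from Startup.ConfigureServices: services.AddIpAllowListPolicy();
    public static IServiceCollection AddIpAllowListPolicy(this IServiceCollection services)
    {
        services.AddHttpContextAccessor();
        services.AddSingleton<IAuthorizationHandler, IpAllowListHandler>();
        // Constructed sample addresses (loopback only).
        return services.AddAuthorization(o => o.AddPolicy("InternalNetworkOnly",
            p => p.AddRequirements(new IpAllowListRequirement("127.0.0.1", "::1"))));
    }
}
// Applied per controller or per action:
//   [Authorize(Policy = "InternalNetworkOnly")]
//   public IActionResult AdminReport() => Ok();
```

Behind a reverse proxy, `RemoteIpAddress` is the proxy's address unless the forwarded headers middleware is configured with the proxies you trust. When the requirement is not met the framework issues a challenge or forbid, so an authentication scheme must be registered for the denial to be returned cleanly.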
Please check the following link for more details.