Policy based authorization in ASP.NET Core

In my previous article, I explained about restricting users based on the IP Address.  It was implemented by using a whitelist of IP Address and middleware.  The solution helps authorize users on application level.  I also mentioned that, I will write another article to explain about restricting users on a controller level or action level.  Policy based authorization is a new feature introduced in Dotnet Core that allows you to implement the application authorization rules in code.  In this post, I will explain about Policy based authorization in ASP.NET Core with an implementation example.

Introduction

While authentication is to validate a user, authorization is to grant access to a resource of the application.  We all heard about role-based authorization, which provides access to the resources based on the role user has.  Policy based authorization, a new feature in Dotnet core allows you to implement loosely coupled security model.  This helps to decouple the authorization logic from controllers.

Please check the following link for more details.  

https://www.blogofpi.com/policy-based-authorization-in-asp-net-core/