Mid ASP.NET Core

Role-based vs policy-based authorization?

✅ Role-based:

[Authorize(Roles = "Admin")]

✅ Policy-based:

services.AddAuthorization(options => {

options.AddPolicy("CanEdit", policy =>

policy.RequireClaim("EditPermission"));

});

Then use:

[Authorize(Policy = "CanEdit")]

Policy-based gives more flexibility (custom requirements, claims, logic).

More from ASP.NET Core Tutorial

All questions for this course