How authorization works

Authorization is done after authentication and it used to protect resources from the user that are not permissible. In ASP.NET Core, we can check and protect the user for accessing any resource by calling the User.Identity.IsAuthentication property that returns a Boolean value. True indicates that the user is authenticated.

By writing the following code in our ManageUsers action method in the MVC controller it will check if the user is already authenticated, otherwise returns the ChallengeResult, that redirects the user to the access denied page as configured in the authentication middleware:

    public IActionResult ManageUsers() 
    { 
      if (User.Identity.IsAuthenticated == false) 
      { 
        return new ChallengeResult(); 
      } 
      return View(); 
    }

We can replace the preceding code by just adding the Authorize attribute as follows:

    [Authorize] 
    public IActionResult ManageUsers() 
    { 
      return View(); 
    }

The Authorize attribute can be applied either at a Controller level or action method level and it also takes claims, roles, and policies to filter requests. Authorization techniques are covered later in the chapter.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.216.151.164