10 Controlling access with authorization

This chapter covers

  • Enabling authorization services within a Razor Pages application
  • Using roles and claims to authorize endpoints
  • Creating authorization policies from requirements and handlers
  • Authorizing access to resources

In the last chapter, you learned how to identify your users by asking them to authenticate themselves. Once authenticated, the user is no longer anonymous; they have an identity, which we can use to restrict access to various parts of the application. This process is known as authorization, and it is vital for securing parts of your application against users who should not have access to them.

Even the simplest dynamic web application is likely to include an area where the owner ...

Get ASP.NET Core Razor Pages in Action now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.