10 Controlling access with authorization

This chapter covers

Enabling authorization services within a Razor Pages application
Using roles and claims to authorize endpoints
Creating authorization policies from requirements and handlers
Authorizing access to resources

In the last chapter, you learned how to identify your users by asking them to authenticate themselves. Once authenticated, the user is no longer anonymous; they have an identity, which we can use to restrict access to various parts of the application. This process is known as authorization, and it is vital for securing parts of your application against users who should not have access to them.

Even the simplest dynamic web application is likely to include an area where the owner ...

Get ASP.NET Core Razor Pages in Action now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET Core Razor Pages in Action by Mike Brind

10 Controlling access with authorization

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly