locked
Question about ASP.NET 2.2 Core authorization options - Claims vs Policies but why the distinction? RRS feed

  • Question

  • User853731431 posted

    Im going through the docs here

    https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.2

    Why does MS distinguish Claims and Policies as separate authentication types? Even with the section on Claims, you still have to create a policy. Are they trying to say that just checking for the existence of a claim is "claims based authorization" whereas otherwise if you use your own requirements on the policy you are using "policy based" authorization?

    Wednesday, January 2, 2019 7:47 PM

All replies

  • User1724605321 posted

    Hi BitShift ,

    Policy authorization can be worked with claim based authorization to help create rules to validate related claim . Policy is a set of rules , it can be used to validate from any resource during authorization , you can just use policy authorization without claim based authorization or role based authorization . 

    Best Regards,

    Nan Yu

    Thursday, January 3, 2019 6:29 AM