none
Custom Authentication Policies RRS feed

  • Question

  • Hi,

    I am working with .net framework 4.6  MVC 5 and I am using claims based authentication. In order for this to be useful, I need to create policies that may contain multiple roles. These policies will determine access to different controllers.

    This can easily be done using .net core with

    services.AddAuthorization(options=>{options.AddPolicy("EmployeeOnly",policy=>policy.RequireClaim("EmployeeNumber"));});

    I am trying to do something as similar to this as possible using .net framework 4.6. The things I have found include IAuthorization, which is very old, and ClaimsAuthenticationManager. It seems that ClaimsAuthenticationManager is somewhat similar, but much harder to implement.

    Looking further I have found AuthorizeAttribute. This seems like an easy way to define a policy based on certain claims. Is this a correct assumption?

    • Edited by madiganz Friday, September 23, 2016 5:46 PM
    Friday, September 23, 2016 4:58 PM

Answers

  • Hi madiganz,

    >> Is this a correct assumption?

    Correct.

    To restrict access to an ASP.NET MVC view, you restrict access to the action method that renders the view. To accomplish this, the MVC framework provides the AuthorizeAttribute class.

    For more information about using attributes, see Extending Metadata Using Attributes.

    ----I hope the reply would be helpful to you. If your issue has been resolved, please close your thread by marking useful posts as answer.

    Best Regards,

    Hart


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    • Marked as answer by madiganz Monday, September 26, 2016 4:29 PM
    Monday, September 26, 2016 7:07 AM