2

I'm using ASP.NET API with .NET Framework 4.7.1

And I'm looking for custom policy-based authorization. This document described custom policy-based authorization for .NET core, but how could I implement it for .NET framework?

Saeid
  • 13,224
  • 32
  • 107
  • 173

1 Answers1

1

There is a Nuget package that backports the Policy-based authorization to .NET Framework 4.

You can use Microsoft.Owin.Security.Authorization.Mvc or Microsoft.Owin.Security.Authorization.WebApi package, depending on what you need. Both packages will bring you the same functionalities described in the document you linked.

E.g.:

using Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Authorization.Infrastructure;
using System.IdentityModel.Claims;

[assembly: OwinStartup(typeof(Startup))]
namespace Concep.Platform.WebApi.App_Start
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseAuthorization(options =>
            {
                options.AddPolicy("AbleToCreateUser", policy => policy.RequireClaim(JwtClaimTypes.Role, "Manager"));
            });
        }

    }
}

Source: https://vladimirgeorgiev.com/blog/policy-based-authorization-in-asp-net-4/

Tu.Ma.
  • 1,325
  • 10
  • 27
  • This is ASP.NET Core. The OP is looking for the equivalent in ASP.NET Framework. – Derek Foulk Jun 15 '20 at 19:17
  • Please notice that in the answer I wrote "There is a Nuget package that backports the Policy-based authorization to .NET Framework 4". Plus, the link directs to a page explicitly stating that the article applies to .NET Framework. – Tu.Ma. Jun 16 '20 at 08:41
  • Is there a way to check for a policy programmatically? I need it in a webforms aspx page – Thanasis Ioannidis Apr 22 '21 at 23:14