What is the difference between role Authorization and claim Authorization and when should I use one of them in Asp.net Core Identity?
Asked
Active
Viewed 1,379 times
0
David Liang
- 20,385
- 6
- 44
- 70
Sharif Al-Hayek
- 72
- 1
- 15
1 Answers
3
Role base authorization is to support existing applications and for backward compatibility. Claims authorization is for future, it gives flexibility to design systems based on the claims for the user. As you may know, claims are key-value based. We can have authorization rules to verify if the claims exists for the user (OR) the claim has a specific value. In role-based, it can imagined by having a separate role for each set of authorization rules.
Sunny
- 4,765
- 5
- 37
- 72
-
1-1 This just isn't true. Claim-based authorization can complement role-based authorization and vice versa. It is not a successor in that definition. I think your answer could be improved by removing your personal opinion about how claim authorization is the future, and instead showing how they can work together. – Zimano Aug 30 '22 at 13:05