How to add "Role Or Policy" to Authorize in .net Core

Question

Can i make Authorize Like this in .net Core API:

[Authorize(Roles = "SUPPORT") OR Policy = "SuperUser"]
public IActionResult MyMethod()
{
    ...
}

mean if user has "SUPPORT" role OR has "SuperUser" Police can access to MyMethod.

Does this answer your question? [Allow multiple roles to access controller action](https://stackoverflow.com/questions/700166/allow-multiple-roles-to-access-controller-action) — Kevin, Mar 14 '22 at 10:04

score -1 · Answer 1 · answered Mar 15 '22 at 06:42

-1

According to your description, I suggest you could put multiple Authorize attribute to achieve your requirement.

Like below:

[Authorize(Policy = "SuperUser")]
[Authorize(Roles = "SUPPORT")]
public IActionResult MyMethod()
{
    ...
}

answered Mar 15 '22 at 06:42

Brando Zhang

1

Stacking attributes will result in an AND condition where the policy must be true and the user must have the roles as well. – Jeff Barnard Apr 08 '22 at 20:12

1 Answers1