ASP.NET Core Authentication and Authorization – Part 3

Hi Friends,

In this section, I continue from where the last section left off and discuss authorization in more detail. In previous sections, we have already seen the basic [Authorize] attribute. Now, let us discuss some of its extended features.

Here, you can see in the IntelliSense window that there is a Policy option. In order to set the policy, we first need to set up the middleware. In the screenshot below, you can see the different types of settings that can be defined under the policy section.

This is therefore the place where I can mix and match different options, such as the claim type shown below.

Below, I have set up my policy and applied it to the About action.

With the above change in place, when I run the app and go to the About page, it presents the view below.

Upon login, it presented me with the Access Denied page. The reason is simple: while authenticating, we are passing the surname claim type rather than the name type, and with a different name that is not in the database, hence access denied. In terms of HTTP, it returns a 404 status code, which is content not found.

However, if I change the code as shown below, then it will get authenticated.
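
The claim check described above can be reproduced outside the web app. The console program below is an added example, not the code from this post's screenshots: it registers a policy that requires a name claim with a specific value and evaluates it against three constructed sign-ins. The policy name `NamedUserOnly`, the claim values, and the use of `AddAuthorizationCore` (available from ASP.NET Core 3.0, with the Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages referenced) are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class PolicyDemo
{
    // Hypothetical policy name and allowed value; on a controller the policy
    // would be applied as [Authorize(Policy = "NamedUserOnly")] on the About action.
    private const string PolicyName = "NamedUserOnly";
    private const string AllowedName = "alice@example.com";

    // Builds an authenticated principal carrying a single constructed claim.
    private static ClaimsPrincipal SignedIn(string claimType, string value) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(claimType, value) }, "Cookies"));

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging();   // the default authorization service needs a logger
        services.AddOptions();
        services.AddAuthorizationCore(options =>
            options.AddPolicy(PolicyName, policy => policy
                .RequireAuthenticatedUser()
                // Both the claim type and the claim value must match.
                .RequireClaim(ClaimTypes.Name, AllowedName)));

        using var provider = services.BuildServiceProvider();
        var authz = provider.GetRequiredService<IAuthorizationService>();

        // Constructed sign-ins: wrong claim type, wrong value, exact match.
        var cases = new (string Label, ClaimsPrincipal Principal)[]
        {
            ("surname claim only", SignedIn(ClaimTypes.Surname, AllowedName)),
            ("name claim, other value", SignedIn(ClaimTypes.Name, "bob@example.com")),
            ("name claim, allowed value", SignedIn(ClaimTypes.Name, AllowedName)),
        };

        foreach (var (label, principal) in cases)
        {
            var result = await authz.AuthorizeAsync(principal, PolicyName);
            Console.WriteLine($"{label}: {(result.Succeeded ? "allowed" : "denied")}");
        }
    }
}
```

Only the third principal satisfies the policy; a sign-in that supplies the value under a different claim type, or a name claim with a value the policy does not list, is denied.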

Now, if I log off and try to log in with a Facebook account, this will again give the same access denied error. I hope you liked this discussion around authentication and authorization. Thanks for joining me.

Thanks,
Rahul Sahay
Happy Coding