ASP.NET Core Authentication and Authorization – Part 3

Hi Friends,

In this section, I am going to continue from the last section where I left the discussion. So, in this section, I am going to discuss more on authorization. In previous sections, we have already seen basic [Authorize] piece. Now, let us discuss some of the extended feature of the same.


Here, you can see in the intellisense window, there is policy. Now, in order to set the policy, first we need to setup the middleware. Below in the screenshot, you can see that different types of settings which can be defined under policy section.


Therefore this is the place wherein I can mix and match with different options like shown below with claim type.


Below, I have setup my policy and applied the same on About action.



With the above change in place, when I run the app and go to About Page, it will present the below view.



Upon login, it presented me Access Denied page. And, the reason is simple, because while authenticating we are passing surname type rather than name type and that too with a different name, which is not there in db, hence access denied. In terms of HTTP, it returns 404 HTTP status code which is content not found.


However, if I change the code as shown below, then it will get authenticated.



Now, if I log off and try to login from Facebook account, then this will again give the same access denied error. I hope, you would have liked this discussion around Authentication and Authorization. Thanks for joining me.

Rahul Sahay
Happy Coding