As explained in the introduction to this chapter, authorization can be used to exclude a user from specific parts of an application once they have already been authenticated. In our Hospital Records application, we could restrict certain features so they are accessible to doctors but not nurses or patients.
Here is a high-level overview of how you can implement basic authorization techniques in an ASP.NET Core application:
Use the Authorization namespace in your controller code.
Grant authorization at the controller class level.
Grant authorization at the controller action method level.
Grant anonymous access at the controller class level.
Grant anonymous access at the controller action method level.
Although the first step is required to use authorization, the rest of the suggestions do not have to be followed in any particular order. In fact, you can authorize either a controller class or a method, both, or none at all. In all cases...
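The following sketch shows the four placements listed above in one file, including how they interact when combined. It is an added example, not code from the original text. The controller names, action names and the "Doctor" role are assumptions for illustration, and it presumes the application already has authentication and authorization middleware configured.

```csharp
using Microsoft.AspNetCore.Authorization; // brings [Authorize] and [AllowAnonymous] into scope
using Microsoft.AspNetCore.Mvc;

// Class-level [Authorize]: every action below requires an authenticated user
// unless an action explicitly opts out.
[Authorize]
public class PatientRecordsController : Controller // hypothetical controller
{
    // Inherits the class-level requirement: any signed-in user may call it.
    public IActionResult Index() => Content("Record list");

    // Action-level [Authorize] is applied in addition to the class-level one,
    // so the caller must be signed in AND hold the role.
    // "Doctor" is an assumed role name.
    [Authorize(Roles = "Doctor")]
    public IActionResult Prescribe(int id) => Content($"Prescribing for record {id}");

    // Action-level [AllowAnonymous] opts this single action out of the
    // class-level requirement; unauthenticated callers can reach it.
    [AllowAnonymous]
    public IActionResult VisitingHours() => Content("Visiting hours");
}

// Class-level [AllowAnonymous]: every action is reachable without signing in.
[AllowAnonymous]
public class PublicInfoController : Controller // hypothetical controller
{
    public IActionResult Contact() => Content("Contact details");

    // Pitfall: [AllowAnonymous] takes precedence over [Authorize]. Because the
    // class is marked [AllowAnonymous], this attribute is ignored and the
    // action is publicly reachable. Anything that needs protection belongs in
    // a controller that is not marked [AllowAnonymous].
    [Authorize(Roles = "Doctor")]
    public IActionResult StaffDirectory() => Content("Staff directory");
}
```

When reviewing controllers, check every class-level [AllowAnonymous] for actions that carry [Authorize], since those attributes have no effect there.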