Custom Policy-Based Authorization in ASP.NET Framework

Question

I'm using ASP.NET API with .NET Framework 4.7.1

And I'm looking for custom policy-based authorization. This document described custom policy-based authorization for .NET core, but how could I implement it for .NET framework?

Answer 1

There is a Nuget package that backports the Policy-based authorization to .NET Framework 4.

You can use Microsoft.Owin.Security.Authorization.Mvc or Microsoft.Owin.Security.Authorization.WebApi package, depending on what you need. Both packages will bring you the same functionalities described in the document you linked.

E.g.:

using Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Authorization.Infrastructure;
using System.IdentityModel.Claims;

[assembly: OwinStartup(typeof(Startup))]
namespace Concep.Platform.WebApi.App_Start
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseAuthorization(options =>
            {
                options.AddPolicy("AbleToCreateUser", policy => policy.RequireClaim(JwtClaimTypes.Role, "Manager"));
            });
        }

    }
}

Source: https://vladimirgeorgiev.com/blog/policy-based-authorization-in-asp-net-4/