Equivalent of ClaimsAuthorizationAttribute in Microsoft.AspNet.Identity 3

Question

Does anyone know the equivalent of :

[ClaimsAuthorization(ClaimType="", ClaimValue="")]

in Microsoft.AspNet.Identity 3 (beta6)

Example with Identity 2.1:

[HttpGet]
[ClaimsAuthorization(ClaimType="ManageStore", ClaimValue="Allowed")]
public IActionResult Register()
{
     return View();
}

I think this question gets at what you are trying to do. It refers to the ManageStore permission and shows how that is configured in the latest version of the music store example. http://stackoverflow.com/questions/31464359/custom-authorizeattribute-in-asp-net-5-mvc-6 — Joe Audette, Jul 19 '15 at 13:38

score 3 · Accepted Answer · answered Jul 19 '15 at 13:40

@tailmax's approach works fine with ASP.NET 5 beta4, but won't work with beta5, beta6 and the next releases, because AuthorizeAttribute has been totally revamped and doesn't expose OnAuthorization anymore (it's now just a marker).

The recommended approach is to use the new authorization service to configure a new policy and simply use AuthorizeAttribute:

public void ConfigureServices([NotNull] IServiceCollection services) {
    services.ConfigureAuthorization(options => {
        options.AddPolicy("ManageStore", policy => {
            policy.RequireAuthenticatedUser();

            policy.RequireClaim("ManageStore", "Allowed");
        });
    });
}

public class StoreController : Controller {
    [Authorize(Policy = "ManageStore"), HttpGet]
    public async Task<IActionResult> Manage() { ... }
}

Equivalent of ClaimsAuthorizationAttribute in Microsoft.AspNet.Identity 3

1 Answers1