@tailmax's approach works fine with ASP.NET 5 beta4, but won't work with beta5, beta6 and the next releases, because AuthorizeAttribute
has been totally revamped and doesn't expose OnAuthorization
anymore (it's now just a marker).
The recommended approach is to use the new authorization service to configure a new policy and simply use AuthorizeAttribute
:
public void ConfigureServices([NotNull] IServiceCollection services) {
services.ConfigureAuthorization(options => {
options.AddPolicy("ManageStore", policy => {
policy.RequireAuthenticatedUser();
policy.RequireClaim("ManageStore", "Allowed");
});
});
}
public class StoreController : Controller {
[Authorize(Policy = "ManageStore"), HttpGet]
public async Task<IActionResult> Manage() { ... }
}