If we want to write custom logic to authorize the user, I suggest you could consider using AuthorizeAttribute and the IAuthorizationFilter.
The IAuthorizationFilter provide the OnAuthorization method which could write some custom logic to authorize the user.
More details, you could refer to below codes:
public class CustomAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationFilterContext context)
{
//Custom code ...
//Return based on logic
context.Result = new UnauthorizedResult();
}
}
Besides, asp.net core recommend using the new policy design. The basic idea behind the new approach is to use the new [Authorize] attribute to designate a "policy" (e.g. [Authorize( Policy = "YouNeedToBe18ToDoThis")].
More details, you could refer to this answer.