Authorization is the process of determining whether a user, program or device is allowed to access a protected resource in a particular way. Authorization is a key theme in computer security practices.

- Stackoverflow.com Wiki
2 articles, 0 books.

ASP.NET Core provides a clean and simple model to express the application authorization rules in code: the Policy-based authorization model.


Authentication itself is a fairly simple process. Don’t build that, go and use a builtin solution, authentication is complex, but the good side of it is that there are rarely any business specific stuff around it. You need to authenticate a user, and that is one of those things that is generally such a common concern that you can take an off the shelve solution and go with that. Authorization is a lot more interesting.