Reputation: 984
ASP.NET: What is the purpose of IAuthorizationService
I am trying to understand the ASP.NET policy-based authorization mechanism, and I understand that I need to do the following:
- Set up a policy
- Assign requirements to that policy
- Define authorization handlers to these requirements which perform the actual validation (And return whether the requirements were fulfilled or not)
- Add the authorization handlers to the dependency injection mechanism
However, reading the ASP.NET documentation, I understand I might need to set up an IAuthorizationService as well. I failed to understand why that is needed from the ASP.NET documentation.
Do I have to set one up? What should it do? Is that an alternative to the policy and authorization handlers I am setting up or a required addition to them?
Upvotes: 3
Views: 1872
Answers (1)
Reputation: 56
You can override IAuthorizationService to take control of full authorization logic in your application.
By default, IAuthorizationService is responsible for validation of Policy- Claim- or Role-based ruled, defined in AuthorizationOptions.
IAuthorizationService is usually being invoked in IAsyncAuthorizationFilter (which MVC adds automatically once you mark Controller or Action with [Authorize] attribute).
Upvotes: 3
Related Questions
- What is ASP.NET Identity?
- What exactly is 'UseAuthentication()' for?
- What purpose does the app.UseAuthorization() default serve?
- asp.net core: how AuthenticationHandler and IAuthenticationService are related?
- What is the use of asp.net identity .GenerateUserToken()
- What is CookieAuthenticationOptions.AuthenticationType used for?
- What OverrideAuthenticationAttribute is for?
- How does integrated windows authentication really work?
- What's the purpose of IAuthenticationFilter.OnAuthenticationChallenge()
- How does ASP.NET's Authentication module work?