Introduction¶ 介绍 77 of 87 people found this helpful Authorization refers to the process that determines what a user is able to do. For example user Adam may be able to create a document library, add documents, edit documents and delete them. User Bob…

Limiting identity by scheme¶ 通过映射限制身份(这部分有好几个概念还不清楚,翻译的有问题) 36 of 39 people found this helpful In some scenarios, such as Single Page Applications it is possible to end up with multiple authentication methods. For example, your application may use co…

Claims-Based Authorization¶ 基于声明的授权 142 of 162 people found this helpful When an identity is created it may be assigned one or more claims issued by a trusted party. A claim is name value pair that represents what the subject is, not what the subject…

View Based Authorization¶ 基于视图的授权 44 of 46 people found this helpful Often a developer will want to show, hide or otherwise modify a UI based on the current user identity. You can access the authorization service within MVC views via dependency injec…

Resource Based Authorization¶ 基于资源的授权 68 of 73 people found this helpful Often authorization depends upon the resource being accessed. For example a document may have an author property. Only the document author would be allowed to update it, so the…

Dependency Injection in requirement handlers¶ 30 of 32 people found this helpful Authorization handlers must be registered in the service collection during configuration (using dependency injection). 授权处理器必须在配置期间注册到服务集合中. Suppose you had a repository…

Custom Policy-Based Authorization¶ 基于自定义策略的授权 98 of 108 people found this helpful Underneath the covers the role authorization and claims authorization make use of a requirement, a handler for the requirement and a pre-configured policy. These buildi…

Role based Authorization¶ 基于角色的授权 133 of 153 people found this helpful When an identity is created it may belong to one or more roles, for example Tracy may belong to the Administrator and User roles whilst Scott may only belong to the user role. How…

Simple Authorization¶ 简单授权 82 of 86 people found this helpful Authorization in MVC is controlled through the AuthorizeAttribute attribute and its various parameters. At its simplest applying the AuthorizeAttribute attribute to a controller or action…

Content Security Policy https://content-security-policy.com/ The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header. 现代浏览器提供的防止XSS攻击…