Last post Jan 03, 2019 06:29 AM by Nan Yu
Jan 02, 2019 07:47 PM|BitShift|LINK
Im going through the docs here
Why does MS distinguish Claims and Policies as separate authentication types? Even with the section on Claims, you still have to create a policy. Are they trying to say that just checking for the existence of a claim is "claims based authorization" whereas
otherwise if you use your own requirements on the policy you are using "policy based" authorization?
Jan 03, 2019 06:29 AM|Nan Yu|LINK
Hi BitShift ,
Policy authorization can be worked with claim based authorization to help create rules to validate related claim . Policy is a set of rules , it can be used to validate from any resource during authorization , you can just use policy authorization without
claim based authorization or role based authorization .