Last post Jun 21, 2019 11:12 AM by UMLer
Jun 20, 2019 10:43 PM|UMLer|LINK
Looks asp.net core supports user authorization directly, and more difficult. it reqires to create identity database.
But, i can do same work as well. user submit user name and password, i can verify these data. So my question is
why need asp.net core to do authorization? what is the benefit?
Thanks a lot.
Jun 21, 2019 03:19 AM|Sherry Chen|LINK
Hi UMLer ,
Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library
is only authorized to read the documents.
Authorization is orthogonal and independent from authentication. However, authorization requires an authentication mechanism. Authentication is the process of ascertaining who a user is. Authentication may create one or more identities for the current user.
ASP.NET Core authorization provides a simple, declarative role and a rich policy-based model.
Authorization is expressed in requirements, and handlers evaluate a user's claims against requirements. Imperative checks can be based on simple policies or policies which evaluate both the user identity and properties of the resource that the user is attempting
You could also take aside time to read the below link which explains the usage and the role of each authorization type :
Best Regards ,
Jun 21, 2019 11:12 AM|UMLer|LINK
thanks a lot