David Parks edited this page Mar 16, 2017 · 6 revisions

Owin-Authorization provides both declarative and imperative authorization functionality to enable you to limit access to controllers and actions based upon the role or claims an identity contains, and the resource being requested.

Authorization Defined

Authorization refers to the process that determines what a user is able to do. For example, user Adam may be able to create a document library, add documents, edit documents and delete them, while user Bob may only be authorized to read documents in a single library.

Authorization is orthogonal to and independent of authentication, which is the process of ascertaining who a user is. Authentication may create one or more identities for the current user; authorization then decides what those identities may do.

Authorization Types

Owin-Authorization provides a simple declarative role-based model and a richer policy-based model in which authorization is expressed as requirements, and handlers evaluate a user's claims against those requirements. Imperative checks can be based on simple policies or on policies that evaluate both the user's identity and the properties of the resource the user is attempting to access.

Namespaces

The authorization attribute lives under the Microsoft.Owin namespace; specifically, you must add using Microsoft.Owin.Security.Authorization; to any file that applies it.

Notes

Authorization is controlled through the ResourceAuthorize attribute and its various parameters. The ResourceAuthorize attribute works the same way for both Web API controllers and MVC controllers. For consistency, examples will use MVC controllers unless otherwise specified.
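To make the role, policy and resource pieces described in the Authorization Types and Notes sections concrete, here is an added example (not the project's own code) of a claims-based requirement and handler, a role policy applied declaratively with ResourceAuthorize, and an imperative resource check inside an action. The Document type, the "Editors" policy, the Startup registration call and the IAuthorizationService and handler API shapes are assumptions modelled on the ASP.NET Core authorization API this library ports; wiring the handler and service into the OWIN pipeline is not shown.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.Owin.Security.Authorization;

// Hypothetical resource: the document a caller wants to edit.
public class Document { public int Id { get; set; } public string OwnerId { get; set; } }

// Requirement: the caller must own the document. Requirements carry no logic themselves.
public class DocumentOwnerRequirement : IAuthorizationRequirement { }

// Handler: evaluates the caller's claims against the requested resource.
// API shape assumed to mirror ASP.NET Core's AuthorizationHandler<TRequirement, TResource>.
public class DocumentOwnerHandler : AuthorizationHandler<DocumentOwnerRequirement, Document>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        DocumentOwnerRequirement requirement, Document resource)
    {
        // Deny by default: the requirement is only marked satisfied on a positive match.
        var callerId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (callerId != null && callerId == resource.OwnerId)
            context.Succeed(requirement);
        return Task.FromResult(0);
    }
}

// Startup: register a simple role-based policy (registration call is an assumption).
public class Startup
{
    public void Configuration(Owin.IAppBuilder app)
    {
        app.UseAuthorization(options =>
            options.AddPolicy("Editors", policy => policy.RequireRole("Editor")));
    }
}

// Declarative check: every action on this controller requires the "Editors" policy.
[ResourceAuthorize(Policy = "Editors")]
public class DocumentsController : Controller
{
    private readonly IAuthorizationService _authz; // assumed to be supplied by DI
    public DocumentsController(IAuthorizationService authz) { _authz = authz; }

    // Imperative, resource-based check: the editor must also own this particular document.
    public async Task<ActionResult> Edit(int id)
    {
        var doc = new Document { Id = id, OwnerId = "user-42" }; // constructed sample, not a real lookup
        var allowed = await _authz.AuthorizeAsync((ClaimsPrincipal)User, doc, new DocumentOwnerRequirement());
        if (!allowed) return new HttpUnauthorizedResult();
        return View(doc);
    }
}
```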