Custom authorization filters

To implement a custom authorization filter, we need to create a class that derives from AuthorizeAttribute or AuthorizationFilterAttribute, or that implements IAuthorizationFilter.

  • AuthorizeAttribute: An action is authorized based on the current user and the user's roles.
  • AuthorizationFilterAttribute: Applies synchronous authorization logic that need not be based on the current user or role.
  • IAuthorizationFilter: Both AuthorizeAttribute and AuthorizationFilterAttribute implement IAuthorizationFilter. Implement IAuthorizationFilter directly if advanced authorization logic is required.
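
The first two options side by side, as an added example that is not code from the book: one filter that ignores the user entirely and one that extends the user and role checks. It assumes ASP.NET Web API 2 (System.Web.Http); the class names RequireHttpsAttribute and RequireClaimAttribute are hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical filter, not tied to the user or role: reject requests that did not arrive over HTTPS.
public class RequireHttpsAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps)
        {
            // Setting Response short-circuits the pipeline, so the action never runs.
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Forbidden, "HTTPS is required.");
        }
    }
}

// Hypothetical filter tied to the current user: the base checks (authenticated, Users, Roles) plus one claim.
public class RequireClaimAttribute : AuthorizeAttribute
{
    private readonly string _type, _value;

    public RequireClaimAttribute(string type, string value) { _type = type; _value = value; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        if (!base.IsAuthorized(actionContext)) return false;
        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        return principal != null && principal.HasClaim(_type, _value);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var user = actionContext.RequestContext.Principal;
        bool authenticated = user != null && user.Identity != null && user.Identity.IsAuthenticated;
        // 401 asks the client to authenticate; 403 says the identity is known but not allowed.
        actionContext.Response = actionContext.Request.CreateErrorResponse(
            authenticated ? HttpStatusCode.Forbidden : HttpStatusCode.Unauthorized,
            "Authorization has been denied for this request.");
    }
}
```

Both attributes can be applied to a controller or a single action, for example `[RequireHttps]` together with `[RequireClaim("department", "finance")]`, where the claim type and value are constructed for illustration.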
