ASP.NET Core provides a strong and extensible infrastructure for creating authorization rules and policies. In an attempt to keep this chapter as simple and clear as possible, I will show you the most straightforward way to create an authorization rule that will only allow users that have been registered for more than a year to add categories.
To add authorization policies, use the AddAuthorization extension method inside the ConfigureServices method, and add a policy by specifying its name and the logic it should perform:
services.AddAuthorization(options => options.AddPolicy("ExpereincedUser", (AuthorizationPolicyBuilder policy) =>{ /* policy logic */}));
For our case, where we need to check that the ...