When you want to authorize based on user claims, then we can use claims-based authorization. A real-world example would be when you are driving a vehicle and the traffic police stop you, suspecting you are younger than 18 years. Then, you take out your driving license and claim that you are a perfectly legal age to drive . The police accept your claim (since it is issued by a valid authority) and let you drive on. This is claims-based authorization. Claims-based authorization checks are also declarative and can be decorated on a controller or action. Claims requirements are policy-based, so like in the previous section, we need to register the policy at startup, expressing the claims requirement. In the preceding ...