Custom user roles and role-based authorization in ASP.NET core


The authorization model in ASP.NET Core got a big overhaul with the introduction of policy-based authorization. Authorization now uses requirements and handlers, which are decoupled from your controllers and loosely coupled to your data models. The result is a more modular, more testable authorization framework that fits into the modern ASP.NET Core approach nicely.

It’s still possible to do the role-based authorization most ASP.NET devs are familiar with, but that’s only the tip of the iceberg! In this post, I’ll walk you through some of the awesome new features, and how you can combine them with Stormpath for powerful, scalable authorization!