ASP.NET Core - Custom Authorization Policy for Users

I'll explain the general scenario and what I did before this point.
I created a .NET 6 Web Application and scaffolded the authentication with Identity. I just added a specific field 'ApprovedByAdmin' (default false) to the AspNetUser table.

Goal:
I want all the pages of my web application protected with a specific authorization policy, except for Login and Register routes.

Basically the user can register himself to the web site, but then the login can only work if an admin has authorized the User (so if the ApprovedByAdmin has been set to true). Then the rest of the pages will be visible.

The problem:
I already crafted the behaviour with a different programming language and framework (PHP and Laravel), and I simply handled the authorization with a Route Middleware.

How can I achieve the same result with .NET Core and Identity? I've read the official Microsoft documentation; should I use Claims/Roles?
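
One way to wire up the scenario described in the question, as an added example that is not part of the original post: a fallback policy gates every page, Login and Register are opened explicitly, and a sign-in check refuses users whose `ApprovedByAdmin` is false. `ApplicationUser`, `ApplicationDbContext`, `ApprovedSignInManager` and the `DefaultConnection` connection string (with the SQL Server EF Core provider) are assumed names for the scaffolded project.

```csharp
// Program.cs (.NET 6). Added example; ApplicationUser, ApplicationDbContext and
// ApprovedSignInManager are assumed names, not taken from the question.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDbContext<ApplicationDbContext>(o =>
    o.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddDefaultIdentity<ApplicationUser>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddSignInManager<ApprovedSignInManager>();   // sign-in gate defined below

// Every endpoint without its own authorization metadata requires a signed-in user.
builder.Services.AddAuthorization(o => o.FallbackPolicy =
    new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());

// Login and Register stay reachable without a session.
builder.Services.AddRazorPages(o =>
{
    o.Conventions.AllowAnonymousToAreaPage("Identity", "/Account/Login");
    o.Conventions.AllowAnonymousToAreaPage("Identity", "/Account/Register");
});

var app = builder.Build();
app.UseStaticFiles();      // runs before routing, so static files are not gated
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.Run();

public class ApplicationUser : IdentityUser { public bool ApprovedByAdmin { get; set; } }

public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> o) : base(o) { }
}

public class ApprovedSignInManager : SignInManager<ApplicationUser>
{
    public ApprovedSignInManager(UserManager<ApplicationUser> um, IHttpContextAccessor ctx,
        IUserClaimsPrincipalFactory<ApplicationUser> cf, IOptions<IdentityOptions> opt,
        ILogger<SignInManager<ApplicationUser>> log, IAuthenticationSchemeProvider schemes,
        IUserConfirmation<ApplicationUser> confirmation)
        : base(um, ctx, cf, opt, log, schemes, confirmation) { }

    // Checked during PasswordSignInAsync; returning false yields SignInResult.NotAllowed.
    public override async Task<bool> CanSignInAsync(ApplicationUser user) =>
        user.ApprovedByAdmin && await base.CanSignInAsync(user);
}
```

`CanSignInAsync` is evaluated by the sign-in checks in `PasswordSignInAsync`, not by a direct `SignInAsync` call, so a Register page that signs the new user in immediately after creation needs that call removed. A cookie issued while the user was approved stays valid until it expires or the user's security stamp is changed.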



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
