关于[A better way to handle authorization in ASP.NET Core]的摘要:
I was asked by one of my clients to help build a fairly large web application, and their authentication (i.e. checking who is logging in) and authorization (i.e. what pages/feature the logged in user can access) is very complex. From my experience a knew that using ASP.NET’s Role-based approach wouldn’t cut it, and I found the new ASP.NET Core policy-based approach really clever but it needed me to write lots of (boring) policies.
原文地址: https://www.thereformedprogrammer.net/a-better-way-to-handle-authorization-in-asp-net-core/