Tuesday, 22 March 2022

# UserClaims and Policy based authorization

1. Create a policy using `AddAuthorization`:

        services.AddAuthorization(options =>
        {
            options.AddPolicy("DeleteRolePolicy",
                policy => policy.RequireClaim("Delete Role"));
        });

2. Use the claims policy for authorization checks:

        [HttpPost]
        [Authorize(Policy = "DeleteRolePolicy")]
        public async Task<IActionResult> DeleteRole(string id)
        {
            // Delete the role here; only callers that satisfy DeleteRolePolicy reach this code
        }

3. Add multiple claims to a policy. Every requirement in the chain must be met:

        services.AddAuthorization(options =>
        {
            options.AddPolicy("DeleteRolePolicy",
                policy => policy.RequireClaim("Delete Role")
                                .RequireClaim("Create Role")
                                .RequireRole("Super Admin"));
        });

4. A claim is a name-value pair. It is a piece of information about the user, not a statement of what the user can and cannot do. For example, username, email, age and gender are all claims.
5. Claims are policy based. We create a policy and include one or more claims in that policy. The policy is then used along with the policy parameter of the Authorize attribute to implement claims based authorization.
6. Claims based authorization is relatively new and is the recommended approach. With it we can also use claims from external identity providers like Facebook, Google, Twitter etc. We will discuss using external identity providers and the claims they provide in our upcoming videos.
7. Role based authorization is still supported in ASP.NET Core for backward compatibility. While claims based authorization is the recommended approach, depending on your application's authorization requirements you may use role based authorization, claims based authorization or a combination of both.
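
As an added example (not code from the original post), the console program below registers the policy from step 1, a value-checking variant and the chained policy from step 3, then evaluates each against constructed users. `RequireClaim("Delete Role")` only checks that a claim of that type exists, so a user holding `Delete Role` with the value `false` still satisfies it; the overload that takes allowed values closes that gap. The policy names `DeleteRoleValuePolicy` and `DeleteRoleAllPolicy`, the claim values and the `Demo` authentication type are assumptions made for the demo.

```csharp
// Added example (not from the original post). Console app that assumes the
// Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class PolicyDemo
{
    // Constructed test user: an authenticated identity holding the given claims.
    static ClaimsPrincipal User(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "Demo"));

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // the default authorization service needs ILogger<T>
        services.AddAuthorizationCore(options =>
        {
            // Policy from step 1: satisfied by the claim type alone.
            options.AddPolicy("DeleteRolePolicy",
                policy => policy.RequireClaim("Delete Role"));
            // Hypothetical name: same claim, but only the value "true" is accepted.
            options.AddPolicy("DeleteRoleValuePolicy",
                policy => policy.RequireClaim("Delete Role", "true"));
            // Hypothetical name: the chain from step 3; every requirement must pass.
            options.AddPolicy("DeleteRoleAllPolicy",
                policy => policy.RequireClaim("Delete Role")
                                .RequireClaim("Create Role")
                                .RequireRole("Super Admin"));
        });
        using var provider = services.BuildServiceProvider();
        var authz = provider.GetRequiredService<IAuthorizationService>();

        var revoked = User(new Claim("Delete Role", "false"));
        var granted = User(new Claim("Delete Role", "true"));
        var admin = User(new Claim("Delete Role", "true"),
                         new Claim("Create Role", "true"),
                         new Claim(ClaimTypes.Role, "Super Admin"));

        foreach (var (label, user) in new[] { ("revoked", revoked), ("granted", granted), ("admin", admin) })
            foreach (var name in new[] { "DeleteRolePolicy", "DeleteRoleValuePolicy", "DeleteRoleAllPolicy" })
            {
                var result = await authz.AuthorizeAsync(user, name);
                Console.WriteLine($"{label,-8} {name,-22} allowed={result.Succeeded}");
            }
    }
}
```

When a claim's value carries the permission (for example `true`/`false`), use the `RequireClaim` overload with allowed values in the real policy; the value comparison is case-sensitive.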
