Introduction to authorization in ASP.NET Core

Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library is only authorized to read the documents.

Authorization is orthogonal to and independent of authentication. However, authorization requires an authentication mechanism: authentication is the process of ascertaining who a user is, and it may create one or more identities for the current user. Authorization then decides what that established identity may do; without a trustworthy identity there is nothing for an authorization check to evaluate.

For more information about authentication in ASP.NET Core, see the ASP.NET Core authentication overview.

Authorization types

ASP.NET Core authorization provides a simple, declarative role-based model and a rich policy-based model. Authorization is expressed in requirements, and handlers evaluate a user's claims against those requirements. Imperative checks can be based on simple policies, or on policies that evaluate both the user's identity and properties of the resource the user is attempting to access (resource-based authorization, where the resource must already be loaded before the check can run).


Authorization components, including the AuthorizeAttribute and AllowAnonymousAttribute attributes, are found in the Microsoft.AspNetCore.Authorization namespace. Note that [AllowAnonymous] bypasses every [Authorize] attribute that applies to the same endpoint, including ones placed on the controller or globally, so it should be applied deliberately and only to endpoints that are meant to be public.
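The following is an added example (not code from this page or from the ASP.NET Core documentation) that ties the pieces above together: a requirement, a resource-aware handler that evaluates the user's claims, policy registration, and then the same policy used declaratively with the attributes from Microsoft.AspNetCore.Authorization and imperatively through IAuthorizationService. The Document type, IDocumentRepository, the "EditDocument" policy name and the "Administrator" role are assumptions made for illustration.

```csharp
// Added example, not from the ASP.NET Core docs. Document, IDocumentRepository,
// the "EditDocument" policy and the "Administrator" role are hypothetical.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Document
{
    public int Id { get; set; }
    public string OwnerId { get; set; } = "";   // user id of whoever created it
}

public interface IDocumentRepository { Document? Find(int id); }

// A requirement is a marker carrying the data a handler needs; it has no logic.
public class DocumentOwnerOrAdminRequirement : IAuthorizationRequirement { }

// The handler evaluates the user's claims against the requirement AND the
// resource. Only Succeed() grants; any path that does not call it leaves the
// requirement unmet, so unexpected cases fail closed.
public class DocumentOwnerOrAdminHandler
    : AuthorizationHandler<DocumentOwnerOrAdminRequirement, Document>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        DocumentOwnerOrAdminRequirement requirement,
        Document resource)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        if (context.User.IsInRole("Administrator") ||
            (userId != null && userId == resource.OwnerId))
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}

public static class AuthorizationSetup
{
    // Call from Program.cs (or Startup.ConfigureServices).
    public static void AddDocumentAuthorization(this IServiceCollection services)
    {
        services.AddAuthorization(options =>
        {
            options.AddPolicy("EditDocument", policy =>
                policy.RequireAuthenticatedUser()
                      .AddRequirements(new DocumentOwnerOrAdminRequirement()));
        });
        // Handlers are resolved from DI; register every handler you write.
        services.AddSingleton<IAuthorizationHandler, DocumentOwnerOrAdminHandler>();
    }
}

[ApiController]
[Route("api/documents")]
[Authorize]                                   // default: any authenticated user
public class DocumentsController : ControllerBase
{
    private readonly IDocumentRepository _documents;
    private readonly IAuthorizationService _authorization;

    public DocumentsController(IDocumentRepository documents,
                               IAuthorizationService authorization)
    {
        _documents = documents;
        _authorization = authorization;
    }

    [HttpGet("{id}")]
    [AllowAnonymous]                          // bypasses the class-level [Authorize]
    public IActionResult Read(int id)
    {
        var document = _documents.Find(id);
        if (document is null) return NotFound();
        return Ok(document);
    }

    [HttpDelete("{id}")]
    [Authorize(Roles = "Administrator")]      // declarative, role-based check
    public IActionResult Delete(int id) => NoContent();

    [HttpPut("{id}")]
    public async Task<IActionResult> Edit(int id, [FromBody] Document update)
    {
        var document = _documents.Find(id);
        if (document is null) return NotFound();

        // Imperative, resource-based check: the handler sees the loaded document,
        // which an attribute evaluated before model binding never could.
        AuthorizationResult result =
            await _authorization.AuthorizeAsync(User, document, "EditDocument");
        if (!result.Succeeded)
        {
            // 401 for anonymous callers, 403 for authenticated callers that are
            // neither the owner nor an Administrator.
            return User.Identity?.IsAuthenticated == true ? Forbid() : Challenge();
        }

        document.OwnerId = update.OwnerId;    // ... apply the edit
        return NoContent();
    }
}
```

The split between Forbid() and Challenge() matters in practice: returning 401 to an authenticated user triggers a pointless re-login loop, while returning 403 to an anonymous caller hides the fact that authenticating might help. Because the handler only calls Succeed() and never Fail(), it can be combined with other handlers for the same requirement; calling context.Fail() would veto the request regardless of what any other handler decides.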

Consult the documentation on simple authorization.