Introduction to authorization in ASP.NET Core

Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library is only authorized to read the documents.

Authorization is orthogonal to and independent from authentication. However, authorization requires an authentication mechanism. Authentication is the process of ascertaining who a user is. Authentication may create one or more identities for the current user.

Authorization types

ASP.NET Core authorization provides a simple, declarative role-based model and a rich policy-based model. Authorization is expressed in requirements, and handlers evaluate a user's claims against those requirements. Imperative checks can be based on simple policies or on policies that evaluate both the user's identity and properties of the resource the user is attempting to access.

Namespaces

Authorization components, including the AuthorizeAttribute and AllowAnonymousAttribute attributes, are found in the Microsoft.AspNetCore.Authorization namespace.
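The following is an added example (not code from this page or from the ASP.NET Core project) that ties the pieces above together for the document-library scenario: a declarative role check with AuthorizeAttribute, a policy built from a requirement and a handler, and an imperative resource-based check through IAuthorizationService. The Document type, the EditDocumentRequirement, the handler, the policy names and the "Admin" role are assumptions made up for illustration; the types in Microsoft.AspNetCore.Authorization are the real ones.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical resource: a document owned by a single user.
public class Document
{
    public int Id { get; set; }
    public string OwnerId { get; set; } = string.Empty;
}

// A requirement is a marker (optionally carrying parameters) that handlers evaluate.
public class EditDocumentRequirement : IAuthorizationRequirement { }

// Resource-based handler: the user may edit a document if they own it or hold the Admin role.
public class DocumentOwnerOrAdminHandler
    : AuthorizationHandler<EditDocumentRequirement, Document>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        EditDocumentRequirement requirement,
        Document resource)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        if (context.User.IsInRole("Admin") ||
            (userId != null && userId == resource.OwnerId))
        {
            context.Succeed(requirement);
        }

        // Deliberately no context.Fail() here: failing would veto every other
        // handler for this requirement. Simply not succeeding is enough to deny.
        return Task.CompletedTask;
    }
}

public static class AuthorizationSetup
{
    // Call from Startup.ConfigureServices (or the Program.cs builder) to register
    // a simple role policy and a requirement-backed policy plus its handler.
    public static void Register(IServiceCollection services)
    {
        services.AddAuthorization(options =>
        {
            options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin"));
            options.AddPolicy("EditDocument",
                policy => policy.Requirements.Add(new EditDocumentRequirement()));
        });

        // Handlers are resolved from DI; singleton is fine for a stateless handler.
        services.AddSingleton<IAuthorizationHandler, DocumentOwnerOrAdminHandler>();
    }
}

// Class-level [Authorize] denies anonymous callers to every action unless an
// action opts out with [AllowAnonymous].
[Authorize]
public class DocumentsController : Controller
{
    private readonly IAuthorizationService _authorization;

    public DocumentsController(IAuthorizationService authorization)
        => _authorization = authorization;

    [AllowAnonymous]
    public IActionResult Index() => Ok("public document listing");

    // Declarative role check: only users in the Admin role can create a library.
    [Authorize(Roles = "Admin")]
    public IActionResult CreateLibrary() => Ok("library created");

    // Imperative, resource-based check: the policy needs the Document instance,
    // which an attribute cannot supply, so it is evaluated inside the action.
    public async Task<IActionResult> Edit(int id)
    {
        // Constructed stand-in for a repository lookup.
        var document = new Document { Id = id, OwnerId = "alice" };

        var result = await _authorization.AuthorizeAsync(User, document, "EditDocument");
        if (!result.Succeeded)
        {
            // 403 for an authenticated user who lacks rights, 401 otherwise.
            return User.Identity?.IsAuthenticated == true ? Forbid() : Challenge();
        }

        return Ok($"editing document {id}");
    }
}
```

The distinction worth keeping in mind: the attribute-based checks run in the authorization middleware before the action executes and can only see the user, whereas the resource-based check has to run inside the action because it needs the loaded Document. Calling context.Succeed only when the check passes, and leaving context.Fail for cases that must override every other handler, is what lets several handlers cooperate on one requirement.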

Consult the documentation on simple authorization.